aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzottel <github@zottel.net>2014-01-09 15:59:42 +0100
committerzottel <github@zottel.net>2014-01-09 15:59:42 +0100
commitcd65d172baab020802421db8e5b5d54033dafaa8 (patch)
treef314fda58403a75ae628bda50cb62aaf39a0dbdb
parentc6b9e443530fa2598f931571a0aa026b7bef8992 (diff)
downloadvolse-hubzilla-cd65d172baab020802421db8e5b5d54033dafaa8.tar.gz
volse-hubzilla-cd65d172baab020802421db8e5b5d54033dafaa8.tar.bz2
volse-hubzilla-cd65d172baab020802421db8e5b5d54033dafaa8.zip
urlencode query_string for magic auth to make sure GET params make it back
to the originating server
-rw-r--r--include/identity.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/identity.php b/include/identity.php
index 5e25244e6..9fba55da5 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -1023,7 +1023,7 @@ function zid_init(&$a) {
dbesc($tmp_str)
);
// try to avoid recursion - but send them home to do a proper magic auth
- $dest = '/' . $a->query_string;
+ $dest = '/' . urlencode($a->query_string);
$dest = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$dest);
if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&dest=' . z_root() . $dest);
@@ -1140,4 +1140,4 @@ function is_foreigner($s) {
function is_member($s) {
return((is_foreigner($s)) ? false : true);
-} \ No newline at end of file
+}