authorfriendica <info@friendica.com>2015-01-08 19:09:52 -0800
committerfriendica <info@friendica.com>2015-01-08 19:09:52 -0800
commit1e4e7ce2d3c28331d408ad0e40ab0e3bb912e7f1 (patch)
treeb9ca6b2c16c6efd8ece888567bd265ec2a8e22ab /include/dir_fns.php
parent836223bf5b60a8b0db27dac9e5c183c77fa6a2e1 (diff)
SECURITY: dir_sort_links() exposes session cookie
Diffstat (limited to 'include/dir_fns.php')
-rw-r--r--include/dir_fns.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/dir_fns.php b/include/dir_fns.php
index af6f78c01..98b906e84 100644
--- a/include/dir_fns.php
+++ b/include/dir_fns.php
@@ -56,10 +56,10 @@ function dir_sort_links() {
$current_order = (($_REQUEST['order']) ? $_REQUEST['order'] : 'normal');
$url = 'directory?';
- $tmp = $_REQUEST;
+ $tmp = array_merge($_GET,$_POST);
unset($tmp['order']);
$sorturl = $url . http_build_query($tmp);
- $tmp = $_REQUEST;
+ $tmp = array_merge($_GET,$_POST);
unset($tmp['pubforums']);
$forumsurl = $url . http_build_query($tmp);
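Review bot: The two `array_merge($_GET,$_POST)` lines still copy every POST field into `$sorturl` and `$forumsurl`, so anything submitted in a request body ends up in a link query string, where it can reach server logs, browser history and Referer headers. Building both links from an allow-list of the query keys the directory page actually accepts would close that as well as the cookie case, for example `$tmp = array_intersect_key($_GET, array_flip($allowed));`, where `$allowed` is a placeholder for that key list, computed once and reused for both URLs. The context line `$current_order = (($_REQUEST['order']) ? ...` still reads `$_REQUEST`, so depending on the `request_order` setting a cookie named `order` may still influence that value; reading `$_GET['order']` would be consistent with this change. dir_sort_links() continues past the end of the hunk, so how the two URLs are escaped on output is not visible here.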