urlencode query_string for magic auth to make sure GET params make it back

to the originating server
author: zottel <github@zottel.net> 2014-01-09 15:59:42 +0100
committer: zottel <github@zottel.net> 2014-01-09 15:59:42 +0100
commit: cd65d172baab020802421db8e5b5d54033dafaa8 (patch)
tree: f314fda58403a75ae628bda50cb62aaf39a0dbdb /include/identity.php
parent: c6b9e443530fa2598f931571a0aa026b7bef8992 (diff)
download: volse-hubzilla-cd65d172baab020802421db8e5b5d54033dafaa8.tar.gz
volse-hubzilla-cd65d172baab020802421db8e5b5d54033dafaa8.tar.bz2
volse-hubzilla-cd65d172baab020802421db8e5b5d54033dafaa8.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/include/identity.php b/include/identity.php
index 5e25244e6..9fba55da5 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -1023,7 +1023,7 @@ function zid_init(&$a) {
 				dbesc($tmp_str)
 			);
 			// try to avoid recursion - but send them home to do a proper magic auth
-			$dest = '/' . $a->query_string;
+			$dest = '/' . urlencode($a->query_string);
 			$dest = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$dest);
 			if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
 				goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&dest=' . z_root() . $dest);
@@ -1140,4 +1140,4 @@ function is_foreigner($s) {
 
 function is_member($s) {
 	return((is_foreigner($s)) ? false : true);
-}
-\ No newline at end of file
+}
author	zottel <github@zottel.net>	2014-01-09 15:59:42 +0100
committer	zottel <github@zottel.net>	2014-01-09 15:59:42 +0100
commit	cd65d172baab020802421db8e5b5d54033dafaa8 (patch)
tree	f314fda58403a75ae628bda50cb62aaf39a0dbdb /include/identity.php
parent	c6b9e443530fa2598f931571a0aa026b7bef8992 (diff)
download	volse-hubzilla-cd65d172baab020802421db8e5b5d54033dafaa8.tar.gz volse-hubzilla-cd65d172baab020802421db8e5b5d54033dafaa8.tar.bz2 volse-hubzilla-cd65d172baab020802421db8e5b5d54033dafaa8.zip