aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-11-05 19:47:44 -0800
committerzotlabs <mike@macgirvin.com>2017-11-05 19:47:44 -0800
commit7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e (patch)
tree4ebd4a9fef3f43b00516e15df2f7e27a214353a4 /include
parent359bfb76f66efd585b0cba1b2f81494859931d61 (diff)
downloadvolse-hubzilla-7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e.tar.gz
volse-hubzilla-7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e.tar.bz2
volse-hubzilla-7efcb3c75f08c8d974f13cd8b5f32f14749d8b6e.zip
allow cloud filenames to include ampersands without messing up auth tokens (zid, owt, and zat, and the constant placeholder 'f=')
Diffstat (limited to 'include')
-rw-r--r--include/zid.php21
1 files changed, 5 insertions, 16 deletions
diff --git a/include/zid.php b/include/zid.php
index 359b1721f..d1a0fa88a 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -103,25 +103,14 @@ function strip_zats($s) {
return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s);
}
-function strip_auth_query_params() {
- $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
- $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
- $_SERVER['QUERY_STRING'] = strip_owt($_SERVER['QUERY_STRING']);
- $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
- $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
- $_SERVER['REQUEST_URI'] = strip_owt($_SERVER['REQUEST_URI']);
-
-
- $_ENV['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['QUERY_STRING']);
- $_ENV['QUERY_STRING'] = strip_zids($_ENV['QUERY_STRING']);
- $_ENV['QUERY_STRING'] = strip_owt($_ENV['QUERY_STRING']);
-
- $_ENV['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_ENV['REQUEST_URI']);
- $_ENV['REQUEST_URI'] = strip_zids($_ENV['REQUEST_URI']);
- $_ENV['REQUEST_URI'] = strip_owt($_ENV['REQUEST_URI']);
+function clean_query_string() {
+ $x = strip_zids(\App::$query_string);
+ $x = strip_owt($x);
+ $x = strip_zats($x);
+ return strip_query_param($x,'f');
}