diff options
| -rw-r--r-- | include/text.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/include/text.php b/include/text.php index 4fe9f9cde..097b02bbc 100644 --- a/include/text.php +++ b/include/text.php @@ -2033,13 +2033,14 @@ function normalise_openid($s) { return trim(str_replace(array('http://','https://'),array('',''),$s),'/'); } -// used in ajax endless scroll request to find out all the args that the master page was viewing - +// used in ajax endless scroll request to find out all the args that the master page was viewing. +// This was using $_REQUEST, but $_REQUEST also contains all your cookies. So we're restricting it +// to $_GET. If this is used in a post handler, that decision may need to be considered. function extra_query_args() { $s = ''; - if(count($_REQUEST)) { - foreach($_REQUEST as $k => $v) { + if(count($_GET)) { + foreach($_GET as $k => $v) { // these are request vars we don't want to duplicate if(! in_array($k, array('q','f','zid','page','PHPSESSID'))) { $s .= '&' . $k . '=' . $v; |