aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/text.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/include/text.php b/include/text.php
index 4fe9f9cde..097b02bbc 100644
--- a/include/text.php
+++ b/include/text.php
@@ -2033,13 +2033,14 @@ function normalise_openid($s) {
return trim(str_replace(array('http://','https://'),array('',''),$s),'/');
}
-// used in ajax endless scroll request to find out all the args that the master page was viewing
-
+// used in ajax endless scroll request to find out all the args that the master page was viewing.
+// This was using $_REQUEST, but $_REQUEST also contains all your cookies. So we're restricting it
+// to $_GET. If this is used in a post handler, that decision may need to be considered.
function extra_query_args() {
$s = '';
- if(count($_REQUEST)) {
- foreach($_REQUEST as $k => $v) {
+ if(count($_GET)) {
+ foreach($_GET as $k => $v) {
// these are request vars we don't want to duplicate
if(! in_array($k, array('q','f','zid','page','PHPSESSID'))) {
$s .= '&' . $k . '=' . $v;