From 1e4e7ce2d3c28331d408ad0e40ab0e3bb912e7f1 Mon Sep 17 00:00:00 2001
From: friendica <info@friendica.com>
Date: Thu, 8 Jan 2015 19:09:52 -0800
Subject: SECURITY: dir_sort_links() exposes session cookie

---
 include/dir_fns.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/dir_fns.php b/include/dir_fns.php
index af6f78c01..98b906e84 100644
--- a/include/dir_fns.php
+++ b/include/dir_fns.php
@@ -56,10 +56,10 @@ function dir_sort_links() {
 
 	$current_order = (($_REQUEST['order']) ? $_REQUEST['order'] : 'normal');
 	$url = 'directory?';
-	$tmp = $_REQUEST;
+	$tmp = array_merge($_GET,$_POST);
 	unset($tmp['order']);
 	$sorturl = $url . http_build_query($tmp);
-	$tmp = $_REQUEST;
+	$tmp = array_merge($_GET,$_POST);
 
 	unset($tmp['pubforums']);
 	$forumsurl = $url . http_build_query($tmp);
-- 
cgit v1.2.3