From a05c8ff66bd8d09f69f6c59bc49b7627792f4109 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Wed, 18 Jul 2018 17:48:23 -0700 Subject: query filter was a bit greedy --- boot.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'boot.php') diff --git a/boot.php b/boot.php index 3b8347c30..5f833c132 100755 --- a/boot.php +++ b/boot.php @@ -874,11 +874,12 @@ class App { } if((x($_SERVER,'QUERY_STRING')) && substr($_SERVER['QUERY_STRING'], 0, 2) === "q=") { - self::$query_string = escape_tags(substr($_SERVER['QUERY_STRING'], 2)); + self::$query_string = str_replace(['<','>'],['<','>'],substr($_SERVER['QUERY_STRING'], 2); // removing trailing / - maybe a nginx problem if (substr(self::$query_string, 0, 1) == "/") self::$query_string = substr(self::$query_string, 1); } + if(x($_GET,'q')) self::$cmd = escape_tags(trim($_GET['q'],'/\\')); -- cgit v1.2.3