From cd65d172baab020802421db8e5b5d54033dafaa8 Mon Sep 17 00:00:00 2001
From: zottel <github@zottel.net>
Date: Thu, 9 Jan 2014 15:59:42 +0100
Subject: urlencode query_string for magic auth to make sure GET params make it
 back to the originating server

---
 include/identity.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include/identity.php')

diff --git a/include/identity.php b/include/identity.php
index 5e25244e6..9fba55da5 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -1023,7 +1023,7 @@ function zid_init(&$a) {
 				dbesc($tmp_str)
 			);
 			// try to avoid recursion - but send them home to do a proper magic auth
-			$dest = '/' . $a->query_string;
+			$dest = '/' . urlencode($a->query_string);
 			$dest = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$dest);
 			if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
 				goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&dest=' . z_root() . $dest);
@@ -1140,4 +1140,4 @@ function is_foreigner($s) {
 
 function is_member($s) {
 	return((is_foreigner($s)) ? false : true);
-}
\ No newline at end of file
+}
-- 
cgit v1.2.3