From 8e51988e96834e3b1728e3b5085c8db40ce040a3 Mon Sep 17 00:00:00 2001
From: Mario Vavti <mario@mariovavti.com>
Date: Thu, 23 Jan 2025 21:24:06 +0100
Subject: unescape_tags() on URLs before we start messing with them

---
 include/zid.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/zid.php b/include/zid.php
index 2b5d53916..b74e82930 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -150,6 +150,9 @@ function clean_query_string($s = '') {
  */
 
 function drop_query_params($s, $p) {
+
+		$s = unescape_tags($s);
+
 		$parsed = parse_url($s);
 		$query = '';
 		$query_args = null;
@@ -172,7 +175,7 @@ function drop_query_params($s, $p) {
 			$parsed['query'] = $query;
 		}
 
-		return unparse_url($parsed);
+		return escape_tags(unparse_url($parsed));
 }
 
 
-- 
cgit v1.2.3