r73952 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r73951‎ \| r73952 \| r73953 >
Date:	15:56, 29 September 2010
Author:	yaron
Status:	deferred
Tags:
Comment:	Fix for ampersands in field names and variables within 'query string' parameter in both #forminput and #formlink
Modified paths:	/trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php (modified) (history)

Diff [purge]

Index: trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php
—	—	@@ -171,6 +171,10 @@
172	172	// has to be turned into hidden inputs
173	173	if ( $inLinkType == 'post button' ) {
174	174	$hidden_inputs = "";
	175	+ // Change HTML-encoded ampersands to
	176	+ // URL-encoded ampersands, so that the string
	177	+ // doesn't get split up on the '&'.
	178	+ $inQueryStr = str_replace( '&', '%26', $inQueryStr );
175	179	$query_components = explode( '&', $inQueryStr );
176	180	foreach ( $query_components as $query_component ) {
177	181	$query_component = urldecode( $query_component );
—	—	@@ -181,9 +185,11 @@
182	186	}
183	187	} else {
184	188	$link_url .= ( strstr( $link_url, '?' ) ) ? '&' : '?';
185		~~- // URL-encode any spaces or plus-signs in the query string~~
186		~~- $inQueryStr = str_replace( array( ' ', '+' ),~~
187		~~- array( '%20', '%2B' ),~~
	189	+ // URL-encode any spaces, plus-signs or
	190	+ // ampersands in the query string
	191	+ // (should this just be a general urlencode?)
	192	+ $inQueryStr = str_replace( array( ' ', '+', '&' ),
	193	+ array( '%20', '%2B', '%26' ),
188	194	$inQueryStr );
189	195	$link_url .= $inQueryStr;
190	196	}
—	—	@@ -301,9 +307,15 @@
302	308	} else {
303	309	$str .= ' <input type="hidden" name="form" value="' . $inFormName . '">' . "\n";
304	310	}
305		~~- // recreate the passed-in query string as a set of hidden variables~~
	311	+ // Recreate the passed-in query string as a set of hidden
	312	+ // variables.
	313	+ // Change HTML-encoded ampersands to URL-encoded ampersands, so
	314	+ // that the string doesn't get split up on the '&'.
	315	+ $inQueryStr = str_replace( '&', '%26', $inQueryStr );
306	316	$query_components = explode( '&', $inQueryStr );
307	317	foreach ( $query_components as $component ) {
	318	+ // change URL-encoded ampersands back
	319	+ $component = str_replace( '%26', '&', $component );
308	320	$subcomponents = explode( '=', $component, 2 );
309	321	$key = ( isset( $subcomponents[0] ) ) ? $subcomponents[0] : '';
310	322	$val = ( isset( $subcomponents[1] ) ) ? $subcomponents[1] : '';

Status & tagging log

19:25, 23 October 2010 Reedy (talk | contribs) changed the status of r73952 [removed: new added: deferred]