Changeset 12342


Ignore:
Timestamp:
10/04/11 14:48:02 (8 years ago)
Author:
plg
Message:

bug 2430 fixed: prevents from cross site scripting, the URL is cleanly rewritten

Location:
trunk/plugins/language_switch
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/plugins/language_switch/flags.tpl

    r12104 r12342  
    2020{foreach from=$lang_switch.flags key=code item=flag name=f} 
    2121          <li> 
    22             <a rel="nofollow" href="{$SCRIPT_NAME}{$flag.url}"> 
     22            <a rel="nofollow" href="{$flag.url}"> 
    2323              <img class="flags" src="{$flag.img}" alt="{$flag.alt}" title="{$flag.alt}"/> {$flag.title} 
    2424            </a> 
  • trunk/plugins/language_switch/language_switch.inc.php

    r12104 r12342  
    101101     
    102102    $url_starting = get_query_string_diff(array('lang')); 
    103      
     103 
    104104    foreach ($available_lang as $code => $displayname) 
    105105    { 
    106       $qlc = array (  
    107         'url' => str_replace( 
    108           array('=&amp;','?&amp;'), 
    109           array('&amp;','?'), 
    110           add_url_params($url_starting, array('lang'=> $code)) 
    111           ), 
     106      $qlc = array ( 
     107        'url' => add_url_params(duplicate_index_url(), array('lang'=> $code)), 
    112108        'alt' => ucwords($displayname), 
    113109        'title' => substr($displayname, 0, -4), // remove [FR] or [RU] 
Note: See TracChangeset for help on using the changeset viewer.