bug 2430 fixed: prevents from cross site scripting, the URL is cleanl…
…y rewritten

git-svn-id: http://piwigo.org/svn/trunk@12342 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall committed Oct 4, 2011
1 parent c1dd676 commit 72163be
Showing 2 changed files with 5 additions and 9 deletions.
2 changes: 1 addition & 1 deletion plugins/language_switch/flags.tpl
@@ -19,7 +19,7 @@

{foreach from=$lang_switch.flags key=code item=flag name=f}
<li>
<a rel="nofollow" href="{$SCRIPT_NAME}{$flag.url}">
<a rel="nofollow" href="{$flag.url}">
<img class="flags" src="{$flag.img}" alt="{$flag.alt}" title="{$flag.alt}"/> {$flag.title}
</a>
</li>
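Review bot: `{$flag.url}` is written into the `href` attribute with no escape modifier, so the link is only as safe as the string `_flags()` stores in `$flag.url`. The `str_replace` on `&amp;` sequences in language_switch.inc.php suggests `add_url_params` already returns HTML-encoded output, in which case adding `|escape` here would double-encode the separators; the contract should be written down instead. A template comment above the `<a>` such as `{* $flag.url must arrive HTML-escaped from _flags(); never pass raw request data *}` would make that explicit. `{$flag.alt}` and `{$flag.title}` on the next line are printed the same way and rely on the language names being trusted.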
12 changes: 4 additions & 8 deletions plugins/language_switch/language_switch.inc.php
@@ -100,15 +100,11 @@ static public function _flags()
}

$url_starting = get_query_string_diff(array('lang'));

foreach ($available_lang as $code => $displayname)
{
$qlc = array (
'url' => str_replace(
array('=&amp;','?&amp;'),
array('&amp;','?'),
add_url_params($url_starting, array('lang'=> $code))
),
$qlc = array (
'url' => add_url_params(duplicate_index_url(), array('lang'=> $code)),
'alt' => ucwords($displayname),
'title' => substr($displayname, 0, -4), // remove [FR] or [RU]
'img' => get_root_url().'language/'.$code.'/'.$code.'.jpg',
@@ -149,4 +145,4 @@ function Componant_exists($path, $file)
}
}

?>
?>
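Review bot: `$url_starting = get_query_string_diff(array('lang'));` still appears above the `foreach` in `_flags()`, but the new `'url'` entry no longer reads it, so unless code outside this hunk uses it the assignment is dead. Judging by its name, it also keeps a value derived from the request query string in scope right next to the link builder. Dropping the line, or replacing it with a comment such as `// flag URLs are rebuilt with duplicate_index_url(), never from the raw query string (bug 2430)`, would keep a later edit from reintroducing the request-derived value into the link. The body of `_flags()` starts and ends outside the hunk, so this should be checked against the full function. Whether `duplicate_index_url()` returns attribute-safe output is not visible on this page and is worth confirming, since the template prints the result unescaped.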
