Changeset 12342


Ignore:
Timestamp:
Oct 4, 2011, 2:48:02 PM (9 years ago)
Author:
plg
Message:

bug 2430 fixed: prevents from cross site scripting, the URL is cleanly rewritten

Location:
trunk/plugins/language_switch
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/plugins/language_switch/flags.tpl

    r12104 r12342  
    2020{foreach from=$lang_switch.flags key=code item=flag name=f}
    2121          <li>
    22             <a rel="nofollow" href="{$SCRIPT_NAME}{$flag.url}">
     22            <a rel="nofollow" href="{$flag.url}">
    2323              <img class="flags" src="{$flag.img}" alt="{$flag.alt}" title="{$flag.alt}"/> {$flag.title}
    2424            </a>
  • trunk/plugins/language_switch/language_switch.inc.php

    r12104 r12342  
    101101   
    102102    $url_starting = get_query_string_diff(array('lang'));
    103    
     103
    104104    foreach ($available_lang as $code => $displayname)
    105105    {
    106       $qlc = array (
    107         'url' => str_replace(
    108           array('=&amp;','?&amp;'),
    109           array('&amp;','?'),
    110           add_url_params($url_starting, array('lang'=> $code))
    111           ),
     106      $qlc = array (
     107        'url' => add_url_params(duplicate_index_url(), array('lang'=> $code)),
    112108        'alt' => ucwords($displayname),
    113109        'title' => substr($displayname, 0, -4), // remove [FR] or [RU]
Note: See TracChangeset for help on using the changeset viewer.