Ignore:
Timestamp:
Apr 29, 2010, 12:44:30 PM (14 years ago)
Author:
plg
Message:

bug 1484: prevent XSS vulnerability, encode url.

improvement: no need to transmit the REQUEST_URI from PHP, Smarty already
knows it.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/include/block.class.php

    r5986 r5990  
    135135
    136136    $template->set_filename('menubar', $file);
    137     $template->assign(array('U_REDIRECT' => $_SERVER['REQUEST_URI']));
    138137    trigger_action('blockmanager_apply', array(&$this) );
    139138
Note: See TracChangeset for help on using the changeset viewer.