[dev] Re: ignoring the url generation bug in imp

Anil Madhavapeddy anil@recoil.org
Sun, 19 Nov 2000 12:26:19 +0000


Quoting Anil Madhavapeddy <anil@recoil.org>:

> Quoting Marc Lehmann <pcg@goof.com>:
> 
> > If you read the php manual about the url escaping functions you will see
> > that this is explicitly mentioned as a very common bug (I'd say it's a
> > typical php bug ;), including the exact reference in the html standard,
> > which also mentions this bug _explicitly_.
> > 
> 
> Now we are getting somewhere!  I hadn't seen this particular 
> reference before.  It seems to be a trivial fix.  Why don't we just
> stick a htmlentities in the Horde::url() function ?  That should
> keep everyone happy.
> 

I gave this a quick spin and it seems to work fine.  We just
have to make sure that no calls to Horde::url already apply
a htmlspecialchars() to its contents I think.

Index: lib/Horde.php
===================================================================
RCS file: /cvs/horde/horde/lib/Horde.php,v
retrieving revision 1.62
diff -u -r1.62 Horde.php
--- lib/Horde.php       2000/11/18 04:33:32     1.62
+++ lib/Horde.php       2000/11/19 12:18:38
@@ -296,7 +296,7 @@
                 urlencode(session_name()) . '=' . session_id();
         }

-        return $url;
+        return htmlentities($url);
     }

     /**
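
Review bot: The changed return line, "return htmlentities($url);", escapes unconditionally, so every caller now receives an HTML-encoded string. A caller that already wraps the result in htmlspecialchars() will emit "&amp;amp;", and any caller that uses the return value outside HTML markup gets a literal "&amp;" in its URL. Suggest auditing the existing callers in the same change, or making the escaping switchable through a parameter, and stating in the function's doc comment that the return value is HTML-escaped. htmlspecialchars() would also be sufficient here and is narrower than htmlentities(), since only "&", "<", ">" and quotes need encoding in an attribute value.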

-- 
Anil Madhavapeddy, <anil@recoil.org>