From ea8659f141fd14165af05bd9cd06bf95919447f2 Mon Sep 17 00:00:00 2001 From: Erich Eckner Date: Wed, 20 Mar 2019 15:52:50 +0100 Subject: init.php: do not try to decode %## - it should never appear in valid queries - simply delete it --- init.php | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/init.php b/init.php index 993723e..3ea1c4d 100644 --- a/init.php +++ b/init.php @@ -1,31 +1,32 @@ $val) { - $old = ''; - while ($old != $_GET[$key]) { - $old = $_GET[$key]; - $_GET[$key] = urldecode($_GET[$key]); - } - $_GET[$key] = htmlspecialchars($_GET[$key]); + $_GET[$key] = + htmlspecialchars( + preg_replace( + '/%.?.?/', '', + $_GET[$key] + ) + ); } -- cgit v1.2.3-70-g09d2
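Review bot: The new `htmlspecialchars(preg_replace('/%.?.?/', '', $_GET[$key]))` still breaks on array-valued parameters (`?a[]=1`): `preg_replace` returns an array and `htmlspecialchars` on an array raises a TypeError on PHP 8 (a warning and null earlier), so the loop needs a guard such as `if (!is_string($_GET[$key])) { unset($_GET[$key]); continue; }` before the replacement. The pattern `%.?.?` also eats any two characters after a `%`, not just a hex pair, and `.` does not match a newline; if only percent-escapes are meant to be removed, `'/%[0-9A-Fa-f]{2}/'` matches the commit message more precisely, otherwise a comment stating that a bare `%` is deliberately discarded together with the two characters that follow would save the next reader from guessing. Escaping at input time with a bare `htmlspecialchars()` relies on the PHP-version default flags, which before 8.1 leave single quotes unescaped and turn invalid UTF-8 into an empty string, so the call should pin them: `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The opening of the enclosing `foreach` appears to have been stripped from this rendering of the hunk (the text between the `@@` header and `$val) {` is missing), so the loop header itself could not be reviewed.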