Commit b11b2ac9 authored by Carsten Rose

Merge branch 'B3529-no-double-urldecode-for-GET-parameters' into 'master'

B3529 - No double urldecode() of GET parameters - refs #3529, closes #3529

See merge request !104
parents f3bed4d1 493c09e4
Pipeline #1012 passed with stage
in 1 minute and 35 seconds
...@@ -252,33 +252,7 @@ class Sanitize { ...@@ -252,33 +252,7 @@ class Sanitize {
return $item; return $item;
} }
/**
* urlencode() any input and decode again. This normalizes all characters and guarantees that there are no more
* urlencoded characters.
*
* @param array|string $item
*
* @return array|string
* @throws CodeException
*/
public static function urlDecodeArr($item) {
if (is_array($item)) {
foreach ($item as $key => $value) {
$value = self::urlDecodeArr($value);
$item[$key] = $value;
}
} else {
if (is_string($item)) {
$item = urldecode($item);
} elseif (!is_numeric($item)) {
throw new qfq\CodeException ("Expect type 'string / numeric / array' - but there is something else.", ERROR_UNEXPECTED_TYPE);
}
}
return $item;
}
/** /**
* Check a given $_GET[$key] is digit. * Check a given $_GET[$key] is digit.
......
...@@ -35,7 +35,7 @@ class Client { ...@@ -35,7 +35,7 @@ class Client {
Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE); Sanitize::digitCheckAndCleanGet(CLIENT_PAGE_LANGUAGE);
if (isset($_GET)) { if (isset($_GET)) {
$get = Sanitize::urlDecodeArr($_GET); $get = $_GET; // do not use urldecode() - http://php.net/manual/de/function.urldecode.php#refsect1-function.urldecode-notes
} }
if (isset($_POST)) { if (isset($_POST)) {
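Review bot: The replacement comment on `$get = $_GET;` in Client carries only a link to the German manual page, so the reason for not decoding is lost if that link moves. PHP has already decoded the superglobal, and a second urldecode() would turn input that was encoded twice into different characters than the ones earlier checks such as `Sanitize::digitCheckAndCleanGet()` saw (inferred from the call order visible here). I would state that inline, e.g. `// $_GET is already urldecoded by PHP; decoding again changes double-encoded input after it was checked`. A test that passes a literal `%25` sequence through this path and asserts it arrives unchanged would keep the fix from regressing. The enclosing method starts and ends outside the hunk, so whether `$get` is decoded again further down cannot be seen from here.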
......