Menu

#236 parsing of URL vars breaks non-meta & and ?

phpCMS_1.2.1pl2
open
nobody
Parser (93)
5
2006-04-07
2006-04-07
Anonymous
No

Class: class.phpcms.php
Method: prepare_environment_vars

cf. http://phpcms.de/forum/index.en.html?topic=6298.0

The GET parameters are reparsed by the function
above. By default, & and ? are treated as argument
separators.This cannot be right, can it? example:

- phpcms running in stealth mode
- "how are you?john" is entered in a form, action=GET
- resulting URL:
content.htm?msg=how+are+you%3fjohn
- this is urldecoded by the webserver to
$_GET: Array (msg=how are you?john)
- prepare_environment_vars will split this up once more
into
$GLOBALS[_GET_POST]: Array (msg=how are you john='')

I think the problem here is that once the GET arguments
reach phpcms, "meta" & / ? and "textual" & / ? have
become undiscernible.

iok

Discussion

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.