Hi all,

While looking into a bug, I came across this piece of code in display_export.lib.php. 

// If the form data is being loaded from GET data, decode it
foreach($_GET as $name => $value) {
    if(is_string($value)) {
        $_GET[urldecode($name)] = urldecode($value);
    }
}

Due to this $_GET is urldecoded twice and + signs in the sql query (which is passed inside $_GET) are replaced with spaces making it malformed.
Any clue why this piece of code got in here? Or am I not seeing anything?

--
Thanks and Regards,

Madhura Jayaratne