Hi all,
While looking into a bug, I came across this piece of code in display_export.lib.php.
// If the form data is being loaded from GET data, decode it
foreach($_GET as $name => $value) {
    if(is_string($value)) {
        $_GET[urldecode($name)] = urldecode($value);
    }
}
Due to this, $_GET is urldecoded twice and + signs in the SQL query (which is passed inside $_GET) are replaced with spaces, making it malformed. Any clue why this piece of code got in here? Or am I not seeing anything?
On 2011-07-01 14:52, Madhura Jayaratne wrote:
> Hi all,
> While looking into a bug, I came across this piece of code in display_export.lib.php.
> // If the form data is being loaded from GET data, decode it
> foreach($_GET as $name => $value) {
>     if(is_string($value)) {
>         $_GET[urldecode($name)] = urldecode($value);
>     }
> }
> Due to this, $_GET is urldecoded twice and + signs in the SQL query (which is passed inside $_GET) are replaced with spaces, making it malformed. Any clue why this piece of code got in here? Or am I not seeing anything?
Madhura, this came from commit 03fdce14c4bb2ac1a91cfb17a4a63b454d811b2e by Lori Lee, a GSoC 2010 student.
Maybe she remembers about it.
On Sat, Jul 2, 2011 at 5:33 PM, Marc Delisle marc@infomarc.info wrote:
> On 2011-07-01 14:52, Madhura Jayaratne wrote:
>> Hi all,
>> While looking into a bug, I came across this piece of code in display_export.lib.php.
>> // If the form data is being loaded from GET data, decode it
>> foreach($_GET as $name => $value) {
>>     if(is_string($value)) {
>>         $_GET[urldecode($name)] = urldecode($value);
>>     }
>> }
>> Due to this, $_GET is urldecoded twice and + signs in the SQL query (which is passed inside $_GET) are replaced with spaces, making it malformed. Any clue why this piece of code got in here? Or am I not seeing anything?
> Madhura, this came from commit 03fdce14c4bb2ac1a91cfb17a4a63b454d811b2e by Lori Lee, a GSoC 2010 student.
> Maybe she remembers about it.
Yes Marc, having a look at the git history for the file I also noticed that. But I'm not sure why it needs to urldecode $_GET once again and in fact it is causing the bug. Let's see if she replies.
Hi
On Sat, 2 Jul 2011 23:03:00 +0530, Madhura Jayaratne madhura.cj@gmail.com wrote:
> Yes Marc, having a look at the git history for the file I also noticed that. But I'm not sure why it needs to urldecode $_GET once again and in fact it is causing the bug. Let's see if she replies.
In the past (and maybe it is still the case) some links contained urlencoded values (for whatever reason), which might lead to this need.
The referenced commit only added the is_string check; the originating code comes from 4482228f
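
The effect discussed in this thread, as an added example that is not phpMyAdmin code: parse_str() stands in for the decoding PHP already performs when it fills $_GET, the loop is the one quoted from display_export.lib.php, and the function names and the request are constructed for illustration. It also shows a literal %41 being altered, which goes beyond the + case raised in the thread.

```php
<?php
// Added example; function names and the sample request are constructed.

/** Decode a raw query string once, the way PHP does when it fills $_GET. */
function decode_once(string $rawQuery): array
{
    parse_str($rawQuery, $params);
    return $params;
}

/** The loop quoted in the thread, applied to a copy instead of $_GET. */
function decode_again(array $params): array
{
    foreach ($params as $name => $value) {
        if (is_string($value)) {
            $params[urldecode($name)] = urldecode($value);
        }
    }
    return $params;
}

/** Report every parameter whose value is altered by the second decode. */
function changed_by_second_decode(string $rawQuery): array
{
    $once  = decode_once($rawQuery);
    $twice = decode_again($once);
    $diff  = [];
    foreach ($once as $name => $value) {
        if (is_string($value) && $twice[$name] !== $value) {
            $diff[$name] = ['once' => $value, 'twice' => $twice[$name]];
        }
    }
    return $diff;
}

// Constructed request: sql_query is encoded correctly exactly once.
$raw = 'db=test&sql_query=' . rawurlencode("SELECT 1+1, '%41'");

// After one decode sql_query is "SELECT 1+1, '%41'" (what the sender meant).
// After the second decode it is "SELECT 1 1, 'A'": the + became a space and
// the literal %41 was treated as an escape. db=test is unaffected.
var_export(changed_by_second_decode($raw));
```

Any value that contains a literal + or a % followed by two hex digits is changed by the second pass, so the receiving code no longer sees the query that was sent.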