On Sat, Jul 2, 2011 at 5:33 PM, Marc Delisle <marc(a)infomarc.info> wrote:
Le 2011-07-01 14:52, Madhura Jayaratne a écrit :
Hi all,
While looking into a bug, I came across this piece of code in
display_export.lib.php.
// If the form data is being loaded from GET data, decode it
foreach($_GET as $name => $value) {
if(is_string($value)) {
$_GET[urldecode($name)] = urldecode($value);
}
}
Due to this $_GET is urldecoded twice and + signs in the sql query (which
is
passed inside $_GET) are replaced with spaces
making it malformed.
Any clue why this piece of code got in here? Or am I not seeing anything?
Madhura,
this came from commit 03fdce14c4bb2ac1a91cfb17a4a63b454d811b2e by Lori
Lee, a GSoC 2010 student.
Maybe she remembers about it.
Yes Marc, having a look at the git history for the file I also noticed
that. But
I'm not sure why it needs to urldecode $_GET once again and infact
it is causing the bug. Let's see if she replies.
--
Thanks and Regards,
Madhura Jayaratne