From 72163bef70c925e4350a4ae92e1383215809d668 Mon Sep 17 00:00:00 2001
From: plegall
Date: Tue, 4 Oct 2011 12:48:02 +0000
Subject: bug 2430 fixed: prevents from cross site scripting, the URL is cleanly rewritten
git-svn-id: http://piwigo.org/svn/trunk@12342 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 plugins/language_switch/flags.tpl | 2 +-
 plugins/language_switch/language_switch.inc.php | 12 ++++--------
 2 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/plugins/language_switch/flags.tpl b/plugins/language_switch/flags.tpl
index 9bf88dba6..3add5c1a2 100644
--- a/plugins/language_switch/flags.tpl
+++ b/plugins/language_switch/flags.tpl
@@ -19,7 +19,7 @@ {foreach from=$lang_switch.flags key=code item=flag name=f}
  • - + {$flag.alt} {$flag.title}
  •
diff --git a/plugins/language_switch/language_switch.inc.php b/plugins/language_switch/language_switch.inc.php
index a1d85a4ca..730705f59 100644
--- a/plugins/language_switch/language_switch.inc.php
+++ b/plugins/language_switch/language_switch.inc.php
@@ -100,15 +100,11 @@ UPDATE '.USER_INFOS_TABLE.'
 }
 $url_starting = get_query_string_diff(array('lang'));
-
+
 foreach ($available_lang as $code => $displayname)
 {
- $qlc = array (
- 'url' => str_replace(
- array('=&','?&'),
- array('&','?'),
- add_url_params($url_starting, array('lang'=> $code))
- ),
+ $qlc = array (
+ 'url' => add_url_params(duplicate_index_url(), array('lang'=> $code)),
 'alt' => ucwords($displayname),
 'title' => substr($displayname, 0, -4), // remove [FR] or [RU]
 'img' => get_root_url().'language/'.$code.'/'.$code.'.jpg',
@@ -149,4 +145,4 @@ if (!function_exists('Componant_exists'))
 }
 }
-?>
\ No newline at end of file
+?>
-- cgit v1.2.3
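Review bot: `$url_starting = get_query_string_diff(array('lang'));` is kept as a context line in the `@@ -100,15 +100,11 @@` hunk, but its only use visible here, the `add_url_params($url_starting, ...)` call, is removed, so the variable looks dead while still holding what appears (from the function name and the commit subject) to be request-derived data. If nothing further down reads it (the enclosing function starts and ends outside the hunk), drop the assignment so a later edit cannot put the query string back into a link. A comment above the new `'url'` line, such as `// built from duplicate_index_url(), never from the request query string (XSS, bug 2430)`, would record why the URL is built this way. The fix works by no longer reflecting request data; whether flags.tpl also escapes `$flag.url` on output cannot be confirmed from this page, because the changed template line is not readable here.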