bug 2430 fixed: prevents from cross site scripting, the URL is cleanly rewritten

git-svn-id: http://piwigo.org/svn/trunk@12342 68402e56-0260-453c-a942-63ccdbb3a9ee

plugins/language_switch/flags.tpl

@@ -19,7 +19,7 @@
 
 {foreach from=$lang_switch.flags key=code item=flag name=f}
           <li>
-            <a rel="nofollow" href="{$SCRIPT_NAME}{$flag.url}">
+            <a rel="nofollow" href="{$flag.url}">
               <img class="flags" src="{$flag.img}" alt="{$flag.alt}" title="{$flag.alt}"/> {$flag.title}
             </a>
           </li>

plugins/language_switch/language_switch.inc.php

@@ -104,11 +104,7 @@ UPDATE '.USER_INFOS_TABLE.'
     foreach ($available_lang as $code => $displayname)
     {
       $qlc = array (
-        'url' => str_replace(
-          array('=&','?&'),
-          array('&','?'),
-          add_url_params($url_starting, array('lang'=> $code))
-          ),
+        'url' => add_url_params(duplicate_index_url(), array('lang'=> $code)),
         'alt' => ucwords($displayname),
         'title' => substr($displayname, 0, -4), // remove [FR] or [RU]
         'img' => get_root_url().'language/'.$code.'/'.$code.'.jpg',