authorplegall <plg@piwigo.org>2011-10-04 12:48:02 +0000
committerplegall <plg@piwigo.org>2011-10-04 12:48:02 +0000
commit72163bef70c925e4350a4ae92e1383215809d668 (patch)
treee4a6078dc822f58be9c225db12921ed77c2df69c
parentc1dd676c5c0a382d979d8e44642d904b966d6e8a (diff)
bug 2430 fixed: prevents cross-site scripting, the URL is now cleanly rewritten
git-svn-id: http://piwigo.org/svn/trunk@12342 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--plugins/language_switch/flags.tpl2
-rw-r--r--plugins/language_switch/language_switch.inc.php12
2 files changed, 5 insertions, 9 deletions
diff --git a/plugins/language_switch/flags.tpl b/plugins/language_switch/flags.tpl
index 9bf88dba6..3add5c1a2 100644
--- a/plugins/language_switch/flags.tpl
+++ b/plugins/language_switch/flags.tpl
@@ -19,7 +19,7 @@
{foreach from=$lang_switch.flags key=code item=flag name=f}
<li>
- <a rel="nofollow" href="{$SCRIPT_NAME}{$flag.url}">
+ <a rel="nofollow" href="{$flag.url}">
<img class="flags" src="{$flag.img}" alt="{$flag.alt}" title="{$flag.alt}"/> {$flag.title}
</a>
</li>
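Review bot: `href="{$flag.url}"` is written into the attribute with no escape modifier, so after this change the link's safety rests entirely on how `url` is built in language_switch.inc.php. The `str_replace` on `&amp;` removed in that file suggests add_url_params() already returns an entity-encoded URL, in which case adding `|escape` here would double-encode. If so, record the contract in the template: `{* flag.url is built and HTML-encoded in language_switch.inc.php; do not prepend request-derived values here *}`. `{$flag.alt}` and `{$flag.title}` are emitted the same way, and whether a language display name can contain markup is not visible from this hunk. The `{foreach}` block closes outside the hunk.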
diff --git a/plugins/language_switch/language_switch.inc.php b/plugins/language_switch/language_switch.inc.php
index a1d85a4ca..730705f59 100644
--- a/plugins/language_switch/language_switch.inc.php
+++ b/plugins/language_switch/language_switch.inc.php
@@ -100,15 +100,11 @@ UPDATE '.USER_INFOS_TABLE.'
}
$url_starting = get_query_string_diff(array('lang'));
-
+
foreach ($available_lang as $code => $displayname)
{
- $qlc = array (
- 'url' => str_replace(
- array('=&amp;','?&amp;'),
- array('&amp;','?'),
- add_url_params($url_starting, array('lang'=> $code))
- ),
+ $qlc = array (
+ 'url' => add_url_params(duplicate_index_url(), array('lang'=> $code)),
'alt' => ucwords($displayname),
'title' => substr($displayname, 0, -4), // remove [FR] or [RU]
'img' => get_root_url().'language/'.$code.'/'.$code.'.jpg',
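Review bot: `$url_starting = get_query_string_diff(array('lang'));` is still computed just above the loop, but the new `'url'` entry no longer reads it, so within this hunk the value derived from the request's query string looks dead. If nothing after the hunk uses it, drop the line so a later edit cannot feed the query string back into the link. The fix also depends on duplicate_index_url() not echoing request input, which is not visible here; a comment on the `'url'` line would record that, e.g. `// bug 2430: build from duplicate_index_url(), never from the raw query string`. The foreach body continues past the end of the hunk.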
@@ -149,4 +145,4 @@ if (!function_exists('Componant_exists'))
}
}
-?> \ No newline at end of file
+?>