diff options
author | plegall <plg@piwigo.org> | 2011-10-04 12:48:02 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2011-10-04 12:48:02 +0000 |
commit | 72163bef70c925e4350a4ae92e1383215809d668 (patch) | |
tree | e4a6078dc822f58be9c225db12921ed77c2df69c /plugins/language_switch | |
parent | c1dd676c5c0a382d979d8e44642d904b966d6e8a (diff) |
bug 2430 fixed: prevents from cross site scripting, the URL is cleanly rewritten
git-svn-id: http://piwigo.org/svn/trunk@12342 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | plugins/language_switch/flags.tpl | 2 | ||||
-rw-r--r-- | plugins/language_switch/language_switch.inc.php | 12 |
2 files changed, 5 insertions, 9 deletions
diff --git a/plugins/language_switch/flags.tpl b/plugins/language_switch/flags.tpl index 9bf88dba6..3add5c1a2 100644 --- a/plugins/language_switch/flags.tpl +++ b/plugins/language_switch/flags.tpl @@ -19,7 +19,7 @@ {foreach from=$lang_switch.flags key=code item=flag name=f} <li> - <a rel="nofollow" href="{$SCRIPT_NAME}{$flag.url}"> + <a rel="nofollow" href="{$flag.url}"> <img class="flags" src="{$flag.img}" alt="{$flag.alt}" title="{$flag.alt}"/> {$flag.title} </a> </li> diff --git a/plugins/language_switch/language_switch.inc.php b/plugins/language_switch/language_switch.inc.php index a1d85a4ca..730705f59 100644 --- a/plugins/language_switch/language_switch.inc.php +++ b/plugins/language_switch/language_switch.inc.php @@ -100,15 +100,11 @@ UPDATE '.USER_INFOS_TABLE.' } $url_starting = get_query_string_diff(array('lang')); - + foreach ($available_lang as $code => $displayname) { - $qlc = array ( - 'url' => str_replace( - array('=&','?&'), - array('&','?'), - add_url_params($url_starting, array('lang'=> $code)) - ), + $qlc = array ( + 'url' => add_url_params(duplicate_index_url(), array('lang'=> $code)), 'alt' => ucwords($displayname), 'title' => substr($displayname, 0, -4), // remove [FR] or [RU] 'img' => get_root_url().'language/'.$code.'/'.$code.'.jpg', @@ -149,4 +145,4 @@ if (!function_exists('Componant_exists')) } } -?>
\ No newline at end of file +?> |