From e7487082c32de87efd756bf05ae8539d38cda373 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 29 Apr 2010 10:44:30 +0000
Subject: bug 1484: prevent XSS vulnerability, encode url.

improvement: no need to transmit the REQUEST_URI from PHP, Smarty already
knows it.

git-svn-id: http://piwigo.org/svn/trunk@5990 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/block.class.php | 1 -
 1 file changed, 1 deletion(-)

(limited to 'include/block.class.php')

diff --git a/include/block.class.php b/include/block.class.php
index af84330bd..e8f091741 100644
--- a/include/block.class.php
+++ b/include/block.class.php
@@ -134,7 +134,6 @@ class BlockManager
     global $template;
 
     $template->set_filename('menubar', $file);
-    $template->assign(array('U_REDIRECT' => $_SERVER['REQUEST_URI']));
     trigger_action('blockmanager_apply', array(&$this) );
 
     foreach( $this->display_blocks as $id=>$block)
-- 
cgit v1.2.3