Commit 1a3f0ddb authored by Steven Wittens's avatar Steven Wittens

- #23685: urlencode() profile field names and values in the URL (any dynamic...

- #23685: urlencode() profile field names and values in the URL (any dynamic data in an url should be urlencoded to prevent characters like # and & from being interpreted by the browser/server).
parent 6c4318d2
......@@ -269,7 +269,7 @@ function profile_view_field($user, $field) {
$fields = array();
foreach ($values as $value) {
if ($value = trim($value)) {
$fields[] = $browse ? l($value, "profile/$field->name/$value") : check_plain($value);
$fields[] = $browse ? l($value, "profile/". urlencode($field->name) ."/". urlencode($value)) : check_plain($value);
}
}
return implode(', ', $fields);
......
......@@ -269,7 +269,7 @@ function profile_view_field($user, $field) {
$fields = array();
foreach ($values as $value) {
if ($value = trim($value)) {
$fields[] = $browse ? l($value, "profile/$field->name/$value") : check_plain($value);
$fields[] = $browse ? l($value, "profile/". urlencode($field->name) ."/". urlencode($value)) : check_plain($value);
}
}
return implode(', ', $fields);
......
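Review bot: In the `$browse` branch the raw `$value` is still passed as the link text to `l()`, while the non-link branch runs it through `check_plain()`; `l()` is not shown here, so if it does not escape its text argument, a profile value containing markup would reach the page unescaped. If that is the case, the call should read `l(check_plain($value), "profile/". urlencode($field->name) ."/". urlencode($value))`. Separately, `urlencode()` writes a space as `+`, which is query-string encoding; for a path segment `rawurlencode()` (`%20`) is the safer choice unless the path is always delivered through a query parameter, so it is worth confirming how `url()` builds the link and whether it encodes the path again. profile_view_field's body starts and ends outside the hunk.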