From 131f626815a306488b724c67b9df852e36200f62 Mon Sep 17 00:00:00 2001 From: Tony Murray Date: Wed, 14 Jul 2021 09:26:33 -0500 Subject: [PATCH] Don't add %3F=yes to the url (#13041) * Don't add %3F=yes to the url... * introduce variable --- includes/html/vars.inc.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/includes/html/vars.inc.php b/includes/html/vars.inc.php index 56aeb0f190..018a3220b5 100644 --- a/includes/html/vars.inc.php +++ b/includes/html/vars.inc.php @@ -14,11 +14,13 @@ foreach ($_GET as $key => $get_var) { } $base_url = parse_url(Config::get('base_url')); +$uri = explode('?', $_SERVER['REQUEST_URI'], 2)[0] ?? ''; // remove query, that is handled below with $_GET + // don't parse the subdirectory, if there is one in the path if (isset($base_url['path']) && strlen($base_url['path']) > 1) { - $segments = explode('/', trim(str_replace($base_url['path'], '', $_SERVER['REQUEST_URI']), '/')); + $segments = explode('/', trim(str_replace($base_url['path'], '', $uri), '/')); } else { - $segments = explode('/', trim($_SERVER['REQUEST_URI'], '/')); + $segments = explode('/', trim($uri, '/')); } foreach ($segments as $pos => $segment) { @@ -49,4 +51,4 @@ foreach ($_POST as $name => $value) { } // don't leak login data -unset($vars['username'], $vars['password']); +unset($vars['username'], $vars['password'], $uri, $base_url);