PhpDig.net


renehaentjens 12-09-2003 03:42 AM

Tiny unimportant bug with urldecode
 
In search_function.php (1.6.5) there is an urldecode in lines 80 and 90. I'm almost sure that these should be taken out. The web server does the urldecode for you...

The calls are harmless in 99.999% of the cases, but it is possible to construct a very artificial example where things go wrong.

You need a site where pages can contain words that contain two hex digits, for example 'E9X1', 'E9X2' etc.

Then, when you search with a query_string = % E 9 X (words begin) and find more hits than fit on one page, the first page of search results is OK (% is ignored as word separator) but you'll lose the rest when navigating to the second page of the search results.

Charter 12-10-2003 08:31 AM

Hi. Can you give a link to the page containing hex digits and a link to the search page?

renehaentjens 12-10-2003 11:26 PM

Here's the complete site
 
Here's the complete site. Just index it, search for "p f x - % E 9 X" (words begin) and navigate to the second page of search results to find them gone.

Quote:

<?php
if ($link = (get_magic_quotes_gpc()) ?
    stripslashes($_GET['link']) : $_GET['link'])
    // no (raw)urldecode needed here, that is automatically done for you
{
    echo '<h1>', htmlspecialchars($link), '</h1>';

    // mysql_query("SELECT `url` FROM `link_table` WHERE `link`='" .
    //     addslashes($link) . "'");
}
else
{
    echo '<h1>Links</h1><ul>';
    foreach (array("pfx-Apo'strophe", 'pfx-Quo"te', "pfx-Back\slash",
                   "pfx-Greater>than", "pfx-Less<than", "pfx-Amper&sand",
                   "pfx-coefficiënt", "pfx-façade", "pfx-tête-à-tête",
                   "pfx-%E9-01", "pfx-%E9-02", "pfx-%E9-03", "pfx-%E9-04",
                   "pfx-%E9-05", "pfx-%E9-06", "pfx-%E9-07", "pfx-%E9-08",
                   "pfx-%E9-09", "pfx-%E9-10", "pfx-%E9-11", "pfx-%E9-12",
                   "pfx-S p a c e")
             as $link)
    {
        echo '<li><a href="site.php?link=' . rawurlencode($link) . '">' .
            htmlspecialchars($link) . '</a></li>';
    }
    echo '</ul>';
}
?>
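
The double decode discussed in this thread, as an added example that is not part of the original posts and is not PhpDig code: it sends a few of the test site's link values through the one decode PHP applies when filling $_GET, then through an extra urldecode(), and reports which values survive. server_decode() is a hypothetical helper, and the 'pfx-a+b' sample is constructed here to show that urldecode() also turns '+' into a space.

```php
<?php
// Added example, not PhpDig code. server_decode() is a hypothetical helper
// standing in for the single decode PHP applies while filling $_GET.
function server_decode(string $queryString): string
{
    parse_str($queryString, $params);   // parse_str() URL-decodes each value once
    return $params['link'];
}

// Constructed samples: the first four come from the test site's link list,
// the last one is added here because urldecode() also rewrites '+'.
$samples = ['pfx-%E9-01', 'pfx-S p a c e', 'pfx-Amper&sand', 'pfx-façade', 'pfx-a+b'];

foreach ($samples as $value) {
    $wire  = 'link=' . rawurlencode($value);  // what the generated link sends
    $once  = server_decode($wire);            // what the script sees in $_GET['link']
    $twice = urldecode($once);                // the extra, redundant decode

    printf(
        "%-16s wire=%-28s once=%-8s twice=%s\n",
        $value,
        $wire,
        $once === $value ? 'intact' : 'CHANGED',
        $twice === $value ? 'intact' : 'CHANGED (hex ' . bin2hex($twice) . ')'
    );
}
```

Only values that still contain a literal '%' plus two hex digits, or a '+', after the first decode are altered by the second one, which is why the problem needs an artificial site like the one above to show up.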

