diff options
author | Dries Buytaert <dries@buytaert.net> | 2009-12-05 20:17:02 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2009-12-05 20:17:02 +0000 |
commit | ab78dadd5166cce0b09adea43fcd1b8eaf70d440 (patch) | |
tree | 9cbf85d5fec6f7d9b86196ec7cecc53ba1d0329e /includes/pager.inc | |
parent | 5b6acba1d2d9d3039fca231ccfc82585fce66590 (diff) | |
download | brdo-ab78dadd5166cce0b09adea43fcd1b8eaf70d440.tar.gz brdo-ab78dadd5166cce0b09adea43fcd1b8eaf70d440.tar.bz2 |
- Patch #520764 by Damien Tournoud, JoshuaRogers, brianV: fixed SA-CORE-2009-007: request values in URL, including password/username.
Diffstat (limited to 'includes/pager.inc')
-rw-r--r-- | includes/pager.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/pager.inc b/includes/pager.inc index 211fe9a76..7430cfe8c 100644 --- a/includes/pager.inc +++ b/includes/pager.inc @@ -180,7 +180,7 @@ class PagerDefault extends SelectQueryExtender { function pager_get_query_parameters() { $query = &drupal_static(__FUNCTION__); if (!isset($query)) { - $query = drupal_get_query_parameters($_REQUEST, array_merge(array('q', 'page'), array_keys($_COOKIE))); + $query = drupal_get_query_parameters($_GET, array('q', 'page')); } return $query; } |