diff options
author | Steven Wittens <steven@10.no-reply.drupal.org> | 2005-06-01 04:29:57 +0000 |
---|---|---|
committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2005-06-01 04:29:57 +0000 |
commit | 1a3f0ddb86c0c458fdf039bf16015a07e96b9595 (patch) | |
tree | 7537986016067aa961a01982c5b352344c73a609 /modules | |
parent | 6c4318d21fb08a1969d6b5dfe0552b2987b78bfd (diff) | |
download | brdo-1a3f0ddb86c0c458fdf039bf16015a07e96b9595.tar.gz brdo-1a3f0ddb86c0c458fdf039bf16015a07e96b9595.tar.bz2 |
- #23685: urlencode() profile field names and values in the URL (any dynamic data in an url should be urlencoded to prevent characters like # and & from being interpreted by the browser/server).
Diffstat (limited to 'modules')
-rw-r--r-- | modules/profile.module | 2 | ||||
-rw-r--r-- | modules/profile/profile.module | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/modules/profile.module b/modules/profile.module index c8b57af57..9ad55bc57 100644 --- a/modules/profile.module +++ b/modules/profile.module @@ -269,7 +269,7 @@ function profile_view_field($user, $field) { $fields = array(); foreach ($values as $value) { if ($value = trim($value)) { - $fields[] = $browse ? l($value, "profile/$field->name/$value") : check_plain($value); + $fields[] = $browse ? l($value, "profile/". urlencode($field->name) ."/". urlencode($value)) : check_plain($value); } } return implode(', ', $fields); diff --git a/modules/profile/profile.module b/modules/profile/profile.module index c8b57af57..9ad55bc57 100644 --- a/modules/profile/profile.module +++ b/modules/profile/profile.module @@ -269,7 +269,7 @@ function profile_view_field($user, $field) { $fields = array(); foreach ($values as $value) { if ($value = trim($value)) { - $fields[] = $browse ? l($value, "profile/$field->name/$value") : check_plain($value); + $fields[] = $browse ? l($value, "profile/". urlencode($field->name) ."/". urlencode($value)) : check_plain($value); } } return implode(', ', $fields); |