From 1a3f0ddb86c0c458fdf039bf16015a07e96b9595 Mon Sep 17 00:00:00 2001
From: Steven Wittens
Date: Wed, 1 Jun 2005 04:29:57 +0000
Subject: - #23685: urlencode() profile field names and values in the URL (any dynamic data in an url should be urlencoded to prevent characters like # and & from being interpreted by the browser/server).
---
 modules/profile.module | 2 +-
 modules/profile/profile.module | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules')
diff --git a/modules/profile.module b/modules/profile.module
index c8b57af57..9ad55bc57 100644
--- a/modules/profile.module
+++ b/modules/profile.module
@@ -269,7 +269,7 @@ function profile_view_field($user, $field) {
 $fields = array();
 foreach ($values as $value) {
 if ($value = trim($value)) {
- $fields[] = $browse ? l($value, "profile/$field->name/$value") : check_plain($value);
+ $fields[] = $browse ? l($value, "profile/". urlencode($field->name) ."/". urlencode($value)) : check_plain($value);
 }
 }
 return implode(', ', $fields);
diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index c8b57af57..9ad55bc57 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -269,7 +269,7 @@ function profile_view_field($user, $field) {
 $fields = array();
 foreach ($values as $value) {
 if ($value = trim($value)) {
- $fields[] = $browse ? l($value, "profile/$field->name/$value") : check_plain($value);
+ $fields[] = $browse ? l($value, "profile/". urlencode($field->name) ."/". urlencode($value)) : check_plain($value);
 }
 }
 return implode(', ', $fields);
--
cgit v1.2.3
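Review bot: In the added line of profile_view_field(), `urlencode()` applies form/query encoding (a space becomes `+`), while both values are placed into path segments of `profile/<name>/<value>`; if the link is ever emitted as a real path rather than as a `q=` query value, `+` is read as a literal plus and the browse page would look up a different value. `rawurlencode()` is the path-segment encoder, e.g. `l($value, 'profile/'. rawurlencode($field->name) .'/'. rawurlencode($value))`, provided l() does not encode the path a second time, which this hunk does not show. The link label `$value` also depends on l() escaping its text argument, whereas the other branch calls `check_plain()` explicitly, so that is worth confirming against l(). The same line appears in the second hunk for modules/profile/profile.module, and the function starts and ends outside both hunks.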