From 197e18727f7040bd95955282099e937995897f5d Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Tue, 1 Apr 2008 00:38:07 +0200
Subject: Make sure there is never posted data on GET requests

This is an addition to the previous patch to make sure there can not
accidentally $data be passed on a GET request.

darcs-hash:20080331223807-7ad00-0f03763f15a9d907da6a53ed8b3c3e55b906fbc7.gz
---
 inc/HTTPClient.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'inc/HTTPClient.php')

diff --git a/inc/HTTPClient.php b/inc/HTTPClient.php
index e263989a4..ed0a3aec6 100644
--- a/inc/HTTPClient.php
+++ b/inc/HTTPClient.php
@@ -197,6 +197,8 @@ class HTTPClient {
             }
             $headers['Content-Length'] = strlen($data);
             $rmethod = 'POST';
+        }elseif($method == 'GET'){
+            $data = ''; //no data allowed on GET requests
         }
         if($this->user) {
             $headers['Authorization'] = 'Basic '.base64_encode($this->user.':'.$this->pass);
-- 
cgit v1.2.3