[MediaWiki-CVS] SVN: [73952] trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php

Wed, 29 Sep 2010 08:56:56 -0700 

http://www.mediawiki.org/wiki/Special:Code/MediaWiki/73952

Revision: 73952
Author:   yaron
Date:     2010-09-29 15:56:52 +0000 (Wed, 29 Sep 2010)

Log Message:
-----------
Fix for ampersands in field names and variables within 'query string' parameter 
in both #forminput and #formlink

Modified Paths:
--------------
    trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php

Modified: trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php
===================================================================
--- trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php      
2010-09-29 15:54:43 UTC (rev 73951)
+++ trunk/extensions/SemanticForms/includes/SF_ParserFunctions.php      
2010-09-29 15:56:52 UTC (rev 73952)
@@ -171,6 +171,10 @@
                        // has to be turned into hidden inputs
                        if ( $inLinkType == 'post button' ) {
                                $hidden_inputs = "";
+                               // Change HTML-encoded ampersands to
+                               // URL-encoded ampersands, so that the string
+                               // doesn't get split up on the '&'.
+                               $inQueryStr = str_replace( '&', '%26', 
$inQueryStr );
                                $query_components = explode( '&', $inQueryStr );
                                foreach ( $query_components as $query_component 
) {
                                        $query_component = urldecode( 
$query_component );
@@ -181,9 +185,11 @@
                                }
                        } else {
                                $link_url .= ( strstr( $link_url, '?' ) ) ? '&' 
: '?';
-                               // URL-encode any spaces or plus-signs in the 
query string
-                               $inQueryStr = str_replace( array( ' ', '+' ),
-                                       array( '%20', '%2B' ),
+                               // URL-encode any spaces, plus-signs or
+                               // ampersands in the query string
+                               // (should this just be a general urlencode?)
+                               $inQueryStr = str_replace( array( ' ', '+', 
'&' ),
+                                       array( '%20', '%2B', '%26' ),
                                        $inQueryStr );
                                $link_url .= $inQueryStr;
                        }
@@ -301,9 +307,15 @@
                } else {
                        $str .= '                       <input type="hidden" 
name="form" value="' . $inFormName . '">' . "\n";
                }
-               // recreate the passed-in query string as a set of hidden 
variables
+               // Recreate the passed-in query string as a set of hidden
+               // variables.
+               // Change HTML-encoded ampersands to URL-encoded ampersands, so
+               // that the string doesn't get split up on the '&'.
+               $inQueryStr = str_replace( '&amp;', '%26', $inQueryStr );
                $query_components = explode( '&', $inQueryStr );
                foreach ( $query_components as $component ) {
+                       // change URL-encoded ampersands back
+                       $component = str_replace( '%26', '&', $component );
                        $subcomponents = explode( '=', $component, 2 );
                        $key = ( isset( $subcomponents[0] ) ) ? 
$subcomponents[0] : '';
                        $val = ( isset( $subcomponents[1] ) ) ? 
$subcomponents[1] : '';



_______________________________________________
MediaWiki-CVS mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-cvs

Reply via email to