diff options
| author | Christian Schneider | 2007-11-09 16:55:02 +0000 |
|---|---|---|
| committer | Christian Schneider | 2007-11-09 16:55:02 +0000 |
| commit | caa3b7a299b119cf7891ea6f4f7bf3a5ba470b6e (patch) | |
| tree | 451b0328dfbc9b5225cd8112388bc7b80e7fa78f /it_html.class | |
| parent | 7be29551991ac26200fda5546fd4b92afa20757d (diff) | |
| download | itools-caa3b7a299b119cf7891ea6f4f7bf3a5ba470b6e.tar.gz itools-caa3b7a299b119cf7891ea6f4f7bf3a5ba470b6e.tar.bz2 itools-caa3b7a299b119cf7891ea6f4f7bf3a5ba470b6e.zip | |
No need to untaint base in U() so far
Diffstat (limited to 'it_html.class')
| -rw-r--r-- | it_html.class | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/it_html.class b/it_html.class index 08904a8..b44dd09 100644 --- a/it_html.class +++ b/it_html.class @@ -436,7 +436,7 @@ function u(/* ... */) list($base, $params) = it_html::_parse_args($args); if (!isset($base)) - it_untaint($base = $_SERVER['PHP_SELF']); + $base = $_SERVER['PHP_SELF']; $base = preg_replace('|\0|', '', $base); $base = preg_replace('|[^\w.+!*(),:?@&=/~$-]|e', 'urlencode("$0")', $base); |