2009-01-08, 09:57 PM
Hi,
I noticed an issue with the fetch_wol_activity function.
Basically, if the client sends & instead of & in the URL request, MyBB parses the parameters incorrectly.
The piece of code causing the problem is:
    $split_loc = explode(".php", $location);
    if($split_loc[0] == $user['location'])
    {
        $filename = '';
    }
    else
    {
        $filename = my_substr($split_loc[0], -my_strpos(strrev($split_loc[0]), "/"));
    }
    if($split_loc[1])
    {
        $temp = explode("&", my_substr($split_loc[1], 1));
        foreach($temp as $param)
        {
            $temp2 = explode("=", $param, 2);
            $parameters[$temp2[0]] = $temp2[1];
        }
    }
We should check whether it is encoded or not.
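
One way to make the parameter split accept both separator forms, as an added example that is not part of the original post and is not MyBB's code. `parse_location_params()` and the sample locations are hypothetical, and PHP built-ins stand in for MyBB's `my_substr`/`my_strpos`.

```php
<?php
// Added example (not MyBB code): parse_location_params() is a hypothetical helper.

/**
 * Split a stored location into script name and parameters, accepting both
 * "&" and the HTML-encoded "&amp;" as the parameter separator.
 */
function parse_location_params(string $location): array
{
    $result = ['filename' => '', 'parameters' => []];

    // Everything before the first ".php" is the script path, the rest is the query.
    $pos = strpos($location, '.php');
    if ($pos === false) {
        return $result;
    }
    $result['filename'] = basename(substr($location, 0, $pos));

    // Drop the leading "?" and ignore a fragment, if any.
    $query = ltrim(substr($location, $pos + 4), '?');
    $query = explode('#', $query, 2)[0];

    // Normalise the encoded separator first so a single split handles both forms.
    $query = str_replace('&amp;', '&', $query);

    foreach (explode('&', $query) as $param) {
        if ($param === '') {
            continue; // empty query, "a=1&&b=2" or a trailing separator
        }
        // A parameter without "=" gets an empty value instead of an undefined offset.
        $pair = explode('=', $param, 2);
        $result['parameters'][$pair[0]] = $pair[1] ?? '';
    }
    return $result;
}

// Constructed sample locations covering plain and entity-encoded separators.
$samples = [
    '/forum/showthread.php?tid=5&pid=12',
    '/forum/showthread.php?tid=5&amp;pid=12',
    '/forum/misc.php?action=help&amp;',
    '/forum/index.php',
];
foreach ($samples as $loc) {
    echo $loc, ' => ', json_encode(parse_location_params($loc)), PHP_EOL;
}
```

With the normalisation step, the first two sample locations yield the same `tid` and `pid` values. Without it, the encoded form would produce a key named `amp;pid`.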