MyBB Community Forums

Full Version: [D] fetch_wol_activity Issue
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hi,

i noticed an issue with fetch_wol_activity function.

Basically if the client sends & instead of & in the URL request, MyBB's parses incorrectly the parameters.

The piece of code causing the problem is:
	$split_loc = explode(".php", $location);
	if($split_loc[0] == $user['location'])
	{
		$filename = '';
	}
	else
	{
		$filename = my_substr($split_loc[0], -my_strpos(strrev($split_loc[0]), "/"));
	}
	if($split_loc[1])
	{
		$temp = explode("&", my_substr($split_loc[1], 1));
		foreach($temp as $param)
		{
			$temp2 = explode("=", $param, 2);
			$parameters[$temp2[0]] = $temp2[1];
		}
	}

We should check that is encoded or not.