Merge branch 'develop'

bnu · bnu · commit a47a81c43d3b · 2018-08-01T15:05:05.000+09:00
diff --git a/config/func.inc.php b/config/func.inc.php
@@ -479,7 +479,7 @@ function getFullSiteUrl()
 function getCurrentPageUrl()
 {
 	$protocol = $_SERVER['HTTPS'] == 'on' ? 'https://' : 'http://';
-	$url = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+	$url = $protocol . $_SERVER['HTTP_HOST'] . preg_replace('/[<>"]/', '', $_SERVER['REQUEST_URI']);
 	return htmlspecialchars($url, ENT_COMPAT, 'UTF-8', FALSE);
 }
 
@@ -1365,7 +1365,7 @@ function getScriptPath()
  */
 function getRequestUriByServerEnviroment()
 {
-	return str_replace('<', '&lt;', $_SERVER['REQUEST_URI']);
+	return str_replace('<', '&lt;', preg_replace('/[<>"]/', '', $_SERVER['REQUEST_URI']));
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -479,7 +479,7 @@ function getFullSiteUrl()`
`479`	`479`	`function getCurrentPageUrl()`
`480`	`480`	`{`
`481`	`481`	`$protocol = $_SERVER['HTTPS'] == 'on' ? 'https://' : 'http://';`
`482`		`- $url = $protocol . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];`
	`482`	`+ $url = $protocol . $_SERVER['HTTP_HOST'] . preg_replace('/[<>"]/', '', $_SERVER['REQUEST_URI']);`
`483`	`483`	`return htmlspecialchars($url, ENT_COMPAT, 'UTF-8', FALSE);`
`484`	`484`	`}`
`485`	`485`
`@@ -1365,7 +1365,7 @@ function getScriptPath()`
`1365`	`1365`	`*/`
`1366`	`1366`	`function getRequestUriByServerEnviroment()`
`1367`	`1367`	`{`
`1368`		`- return str_replace('<', '<', $_SERVER['REQUEST_URI']);`
	`1368`	`+ return str_replace('<', '<', preg_replace('/[<>"]/', '', $_SERVER['REQUEST_URI']));`
`1369`	`1369`	`}`
`1370`	`1370`
`1371`	`1371`	`/**`