Uploaded image for project: 'phpBB'
  1. phpBB
  2. PHPBB-13280

$user->page['page'] is invalid resulting in confirm_box() not working correctly

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • 3.1.2-RC1
    • 3.1.1
    • Sessions
    • None

      The $user->page['page'] value is no longer valid as a result of the query string being htmlspecialcharred. This causes problems down the road when functions such as build_url() and confirm_box() make use of it. See https://tracker.phpbb.com/browse/PHPBB3-13279 and

      <bonelifer> can someone try and delete a Bookmark? I can't on .com
      I get a do you want to dialog, I say yes and instead of taking me back to the manage bookmarks page it kicks me back to the UCP --> Front Page
      I go back to the Manage Bookmarks page, and it hasn't deleted the bookmark

      In phpbb\session.extract_current_page() we call Symfony\Component\HttpFoundation\Request.getQueryString()... which calls that class's normalizeQueryString method:

      $args = explode('&', $symfony_request->getQueryString());

      normalizeQueryString expects & to be the delimiter (note our same assumption above):

      foreach (explode('&', $qs) as $param) {

      The end result looks similar to the following: 

      mcp.php?amp%3Bf=2&%3Bp=12166&i=queue

            nicofuma nicofuma
            prototech prototech [X] (Inactive)
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: