Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-13280

$user->page['page'] is invalid resulting in confirm_box() not working correctly

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.2-RC1
    • Component/s: Sessions
    • Labels:
      None

      Description

      The $user->page['page'] value is no longer valid as a result of the query string being htmlspecialcharred. This causes problems down the road when functions such as build_url() and confirm_box() make use of it. See https://tracker.phpbb.com/browse/PHPBB3-13279 and

      <bonelifer> can someone try and delete a Bookmark? I can't on .com
      I get a do you want to dialog, I say yes and instead of taking me back to the manage bookmarks page it kicks me back to the UCP --> Front Page
      I go back to the Manage Bookmarks page, and it hasn't deleted the bookmark

      In phpbb\session.extract_current_page() we call Symfony\Component\HttpFoundation\Request.getQueryString()... which calls that class's normalizeQueryString method:

      $args = explode('&', $symfony_request->getQueryString());
      

      normalizeQueryString expects & to be the delimiter (note our same assumption above):

      foreach (explode('&', $qs) as $param) {
      

      The end result looks similar to the following:

      mcp.php?amp%3Bf=2&%3Bp=12166&i=queue

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                nicofuma nicofuma
                Reporter:
                prototech prototech
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: