Overload url::current() and url::merge() to make the current url XSS

safe. Add tests to make sure that it doesn't relapse with future Kohana changes. Fixes ticket #983. Ref: http://gallery.menalto.com/node/93738
author: Bharat Mediratta <bharat@menalto.com> 2010-01-18 11:10:37 -0800
committer: Bharat Mediratta <bharat@menalto.com> 2010-01-18 11:10:37 -0800
commit: 0dc184e99f0ca607774a68257432a9a981f4d5b7 (patch)
tree: c80a6c2c24215bf31a3fbde974b509bd77f5e826 /modules/rss/controllers
parent: 2c2c77ea391a59f89449d07aff604bf11042515c (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/modules/rss/controllers/rss.php b/modules/rss/controllers/rss.php
index 41c781d9..3066ba16 100644
--- a/modules/rss/controllers/rss.php
+++ b/modules/rss/controllers/rss.php
@@ -52,14 +52,12 @@ class Rss_Controller extends Controller {
     $view->feed = $feed;
     $view->pub_date = date("D, d M Y H:i:s T");
 
-    $feed->uri = url::abs_site(str_replace("&", "&amp;", url::merge($_GET)));
+    $feed->uri = url::abs_site(url::merge($_GET));
     if ($page > 1) {
-      $feed->previous_page_uri =
-        url::abs_site(str_replace("&", "&amp;", url::merge(array("page" => $page - 1))));
+      $feed->previous_page_uri = url::abs_site(url::merge(array("page" => $page - 1)));
     }
     if ($page < $feed->max_pages) {
-      $feed->next_page_uri =
-        url::abs_site(str_replace("&", "&amp;", url::merge(array("page" => $page + 1))));
+      $feed->next_page_uri = url::abs_site(url::merge(array("page" => $page + 1)));
     }
 
     header("Content-Type: application/rss+xml");
author	Bharat Mediratta <bharat@menalto.com>	2010-01-18 11:10:37 -0800
committer	Bharat Mediratta <bharat@menalto.com>	2010-01-18 11:10:37 -0800
commit	0dc184e99f0ca607774a68257432a9a981f4d5b7 (patch)
tree	c80a6c2c24215bf31a3fbde974b509bd77f5e826 /modules/rss/controllers
parent	2c2c77ea391a59f89449d07aff604bf11042515c (diff)