* Rewrote r69952, profileinfo.php XSS fix. It was probably safe, but it seemed very...

* Renamed makeurl() to something more descriptive and less likely to conflict with extensions.

diff --git a/profileinfo.php b/profileinfo.php
index 9ef91a4..3ee5880 100644 (file)
--- a/profileinfo.php
+++ b/profileinfo.php
@@ -103,7 +103,7 @@ class profile_point {
                else    $ex = false;
                if ( !$ex ) {
                        if ( count( $this->children ) ) {
-                               $url = makeurl( false, false, $expand + array( $this->name() => true ) );
+                               $url = getEscapedProfileUrl( false, false, $expand + array( $this->name() => true ) );
                                $extet = " <a href=\"$url\">[+]</a>";
                        } else $extet = '';
                } else {
@@ -112,7 +112,7 @@ class profile_point {
                                if ( $name != $this->name() )
                                        $e += array( $name => $ep );
 
-                       $extet = " <a href=\"" . makeurl( false, false, $e ) . "\">[–]</a>";
+                       $extet = " <a href=\"" . getEscapedProfileUrl( false, false, $e ) . "\">[–]</a>";
                }
                ?>
                <tr>
@@ -231,31 +231,35 @@ else
 
 <table cellspacing="0" border="1">
 <tr id="top">
-<th><a href="<?php echo makeurl( false, 'name' ) ?>">Name</a></th>
-<th><a href="<?php echo makeurl( false, 'time' ) ?>">Time (%)</a></th>
-<th><a href="<?php echo makeurl( false, 'memory' ) ?>">Memory (%)</a></th>
-<th><a href="<?php echo makeurl( false, 'count' ) ?>">Count</a></th>
-<th><a href="<?php echo makeurl( false, 'calls_per_req' ) ?>">Calls/req</a></th>
-<th><a href="<?php echo makeurl( false, 'time_per_call' ) ?>">ms/call</a></th>
-<th><a href="<?php echo makeurl( false, 'memory_per_call' ) ?>">kb/call</a></th>
-<th><a href="<?php echo makeurl( false, 'time_per_req' ) ?>">ms/req</a></th>
-<th><a href="<?php echo makeurl( false, 'memory_per_req' ) ?>">kb/req</a></th>
+<th><a href="<?php echo getEscapedProfileUrl( false, 'name' ) ?>">Name</a></th>
+<th><a href="<?php echo getEscapedProfileUrl( false, 'time' ) ?>">Time (%)</a></th>
+<th><a href="<?php echo getEscapedProfileUrl( false, 'memory' ) ?>">Memory (%)</a></th>
+<th><a href="<?php echo getEscapedProfileUrl( false, 'count' ) ?>">Count</a></th>
+<th><a href="<?php echo getEscapedProfileUrl( false, 'calls_per_req' ) ?>">Calls/req</a></th>
+<th><a href="<?php echo getEscapedProfileUrl( false, 'time_per_call' ) ?>">ms/call</a></th>
+<th><a href="<?php echo getEscapedProfileUrl( false, 'memory_per_call' ) ?>">kb/call</a></th>
+<th><a href="<?php echo getEscapedProfileUrl( false, 'time_per_req' ) ?>">ms/req</a></th>
+<th><a href="<?php echo getEscapedProfileUrl( false, 'memory_per_req' ) ?>">kb/req</a></th>
 </tr>
 <?php
 $totaltime = 0.0;
 $totalcount = 0;
 $totalmemory = 0.0;
 
-function makeurl( $_filter = false, $_sort = false, $_expand = false ) {
+function getEscapedProfileUrl( $_filter = false, $_sort = false, $_expand = false ) {
        global $filter, $sort, $expand;
 
        if ( $_expand === false )
                $_expand = $expand;
 
-       $nfilter = $_filter ? htmlspecialchars( $_filter ) : htmlspecialchars( $filter );
-       $nsort = $_sort ? htmlspecialchars( $_sort ) : htmlspecialchars( $sort );
-       $exp = urlencode( implode( ',', array_keys( $_expand ) ) );
-       return "?filter=$nfilter&amp;sort=$nsort&amp;expand=$exp";
+       return htmlspecialchars(
+               '?' . 
+               wfArrayToCGI( array(
+                       'filter' => $_filter ? $_filter : $filter,
+                       'sort' => $_sort ? $_sort : $sort,
+                       'expand' => implode( ',', array_keys( $_expand ) ) 
+               ) )
+       );
 }
 
 $points = array();