diff --git a/core/ext/index.ext.php b/core/ext/index.ext.php
index 898823e5..98e96b57 100644
--- a/core/ext/index.ext.php
+++ b/core/ext/index.ext.php
@@ -14,7 +14,7 @@ class Index extends Extension {
if(isset($_GET['search'])) {
$search_terms = explode(' ', $_GET['search']);
- $query = "search=".html_escape($_GET['search']);
+ $query = "search=".url_escape($_GET['search']);
}
else {
$query = null;
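Review bot: `isset($_GET['search'])` is also true when the parameter arrives as an array (`?search[]=x`), and the new `url_escape()` call hands that value straight to `rawurlencode()`, which expects a string. Depending on the PHP version, that is a warning or a TypeError rather than a clean empty search. Guard the branch with `if(isset($_GET['search']) && is_string($_GET['search'])) {` so only a string reaches `explode()` and `url_escape()`. The same pattern appears in the tag_edit.ext.php hunk and the view.ext.php hunk. The enclosing method starts and ends outside this hunk.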
@@ -36,8 +36,9 @@ class Index extends Extension {
/*
$page_title = "";
foreach($search_terms as $term) {
+ $u_term = url_escape($term);
$h_term = html_escape($term);
- $page_title .= "$h_term";
+ $page_title .= "$h_term";
}
*/
$page->set_subheading("Page $page_number / $total_pages");
@@ -78,8 +79,8 @@ class Index extends Extension {
$prev = $page_number - 1;
$next = $page_number + 1;
- $h_tags = html_escape(implode("%20", $search_terms));
- $query = empty($h_tags) ? null : "search=$h_tags";
+ $u_tags = url_escape(implode(" ", $search_terms));
+ $query = empty($u_tags) ? null : "search=$u_tags";
$h_prev = ($page_number <= 1) ? "Prev" : "Prev";
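Review bot: `empty($u_tags)` treats the string "0" as empty, so a search for the single tag `0` produces `$query = null` and the prev/next links silently drop the search. Compare against the empty string instead: `$query = ($u_tags === "") ? null : "search=$u_tags";`. The check predates this commit, but the rewritten line keeps it. The method body continues outside the hunk.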
diff --git a/core/ext/tag_edit.ext.php b/core/ext/tag_edit.ext.php
index 22e380ff..b6818ecf 100644
--- a/core/ext/tag_edit.ext.php
+++ b/core/ext/tag_edit.ext.php
@@ -85,7 +85,7 @@ class TagEdit extends Extension {
global $database;
if(isset($_GET['search'])) {
- $h_query = "search=".html_escape($_GET['search']);
+ $h_query = "search=".url_escape($_GET['search']);
}
else {
$h_query = "";
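Review bot: After this change `$h_query` holds a percent-encoded value, not an HTML-escaped one, so the `h_` prefix misleads a reader who relies on it to judge which output context the value is safe for. The other hunks in this commit rename to a `u_` prefix (`$u_tags`, `$u_name`); doing the same here, `$u_query = "search=".url_escape($_GET['search']);`, keeps that convention intact. The variable is used outside the hunk, so the rename has to cover the rest of the method as well.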
diff --git a/core/ext/user.ext.php b/core/ext/user.ext.php
index 9bc5b847..52ed9c31 100644
--- a/core/ext/user.ext.php
+++ b/core/ext/user.ext.php
@@ -329,8 +329,8 @@ class UserPage extends Extension {
$h_image_rate = sprintf("%3.1f", ($i_image_count / $i_days_old2));
$h_comment_rate = sprintf("%3.1f", ($i_comment_count / $i_days_old2));
- $h_name = html_escape($duser->name);
- $images_link = make_link("index", "search=poster%3D$h_name");
+ $u_name = url_escape($duser->name);
+ $images_link = make_link("index", "search=poster%3D$u_name");
return "
Join date: $h_join_date ($i_days_old days old)
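Review bot: The link query mixes a hand-encoded `%3D` with `url_escape()` on the name; encoding the whole search value in one call is harder to get wrong: `$images_link = make_link("index", "search=".url_escape("poster=".$duser->name));`. Separately, this hunk deletes `$h_name`, and the returned HTML continues past the hunk. It is worth confirming that nothing below still interpolates `$h_name`, because a user name printed into the page needs `html_escape()`, not the URL-encoded `$u_name`.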
diff --git a/core/ext/view.ext.php b/core/ext/view.ext.php
index d153e5da..f32a2973 100644
--- a/core/ext/view.ext.php
+++ b/core/ext/view.ext.php
@@ -61,7 +61,7 @@ class ViewImage extends Extension {
// $prev_img = $database->db->GetOne("SELECT id FROM images WHERE id > ? ORDER BY id ASC ", array($image_id));
if(isset($_GET['search'])) {
$search_terms = explode(' ', $_GET['search']);
- $query = "search=".html_escape($_GET['search']);
+ $query = "search=".url_escape($_GET['search']);
}
else {
$search_terms = array();
diff --git a/core/util.inc.php b/core/util.inc.php
index aa272703..9528599f 100644
--- a/core/util.inc.php
+++ b/core/util.inc.php
@@ -12,6 +12,11 @@ function int_escape($input) {
return (int)$input;
}
+function url_escape($input) {
+ $input = rawurlencode($input);
+ return $input;
+}
+
function sql_escape($input) {
global $database;
return $database->db->Quote($input);
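Review bot: `url_escape()` has no comment saying which output context it is for, and this commit exists because call sites used `html_escape()` where URL encoding was needed. I would add above the function `/* Percent-encode one URL component (query value or path segment) with rawurlencode(), so a space becomes %20; do not pass a whole URL */`. The temporary assignment is also unnecessary; the body can be `return rawurlencode($input);`.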
diff --git a/ext/tag_list/main.php b/ext/tag_list/main.php
index 035399da..abf023cd 100644
--- a/ext/tag_list/main.php
+++ b/ext/tag_list/main.php
@@ -64,8 +64,7 @@ class TagList extends Extension {
// }}}
// misc {{{
private function tag_link($tag) {
- $h_tag = html_escape($tag);
- return make_link("index", "search=$h_tag");
+ return make_link("index", "search=".url_escape($tag));
}
// }}}
// maps {{{
@@ -285,7 +284,7 @@ class TagList extends Extension {
else {
$tags = array_remove($tags, $tag);
$tags = array_remove($tags, "-$tag");
- return "R";
+ return "R";
}
}
@@ -296,7 +295,7 @@ class TagList extends Extension {
else {
$tags = array_remove($tags, "-$tag");
$tags = array_add($tags, $tag);
- return "A";
+ return "A";
}
}
@@ -307,7 +306,7 @@ class TagList extends Extension {
else {
$tags = array_remove($tags, $tag);
$tags = array_add($tags, "-$tag");
- return "S";
+ return "S";
}
}
// }}}