0007282: invalid redirect url returned from string_sanitize_url when incuding # anchor - MantisBT - Signup temporarily disabled due to spam

ID	Project	Category	View Status	Date Submitted	Last Update

0007282	mantisbt	administration	public	2006-07-14 13:21	2006-09-12 00:54

Reporter	arnoschaefer	Assigned To	ryandesign
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	duplicate
Product Version	1.0.3

Summary	0007282: invalid redirect url returned from string_sanitize_url when incuding # anchor
Description	Redirects in Mantis 1.0.3 fail if the redirected url contains a # anchor, e.g. after editing a bugnote: http://intranet.staging.jobpilot.net:8000/admin/mantis/view.php?id=10749#bugnotes Related bug: 0007055, 0007116, 0007087, 0007088: the reason the bug did not appear in 1.0.2 was that in the line if ( strpos( '?', $t_url ) !== FALSE ) { the strpos call is incorrect and thus always returns FALSE: the following code is never executed. The supposedly corrected code in 1.0.3 contains the error mentioned above.
Steps To Reproduce	edit bugnote, then after save, wait for reload
Additional Information	Suggested fix: // split and encode parameters $t_anchor = ""; if ( strpos( $t_url, '#' ) !== FALSE ) { list ( $t_url, $t_anchor) = split ('#', $t_url, 2); if ( $t_anchor != "" ) { $t_anchor = "#".urlencode (strip_tags (urldecode ($t_anchor))); } } if ( strpos( $t_url, '?' ) !== FALSE ) { list( $t_path, $t_param ) = split( '\?', $t_url, 2 ); if ( $t_param !== "" ) { $t_vals = array(); parse_str( $t_param, $t_vals ); $t_param = ''; foreach($t_vals as $k => $v) { if ($t_param != '') { $t_param .= '&'; } $t_param .= "$k=" . urlencode( strip_tags( urldecode( $v ) ) ); } return $t_path . '?' . $t_param . $t_anchor; } else { return $t_path . $t_anchor; } } else { return $t_url . $t_anchor; } }
Tags	No tags attached.