Canadian Mysteries

  • Front Page
  • Contact
  • Log in
  • « Added Sarah Taekema as new Mysteries Admin
  • Batch process images »

fix urlencode problem on photo.php pages

Posted by sarneil on 18 Apr 2018 in Activity log
I recently added urlencode() to the invocation of $_GET variables in each of 11 photos.php files. That solved the problem of vulnerability to code-injection attack, but as one of the variables was a pathname, the "/" characters were encoded and thus when that argument was passed on, the encoded path of course failed. I added a function to unencode just the slash characters and passed the urlencoded path to it, thus returning a path in which all potentially dangerous characters other than the "/" are still escaped. That should make the page useable and secure.
This entry was posted by Stewart and filed under Activity log.

Canadian Mysteries

The Canadian Mysteries site consists of a production site containing 12 mysteries, a containing shell and 30 mysteryquests; and a database-driven development site. HCMC took over tech support in summer 08. This blog documents work done on the site from Sept 08. Earlier work is documented in the depts blog in posts prepended with CanMys
  • Home
  • Recently
  • Archives
  • Categories
  • Latest comments

Search

Categories

  • All
  • Activity log
  • Announcements
  • Tasks

XML Feeds

  • RSS 2.0: Posts
  • Atom: Posts
What is RSS?

Recent Posts

  • Added Sarah Taekema as new Mysteries Admin
  • fix urlencode problem on photo.php pages
  • Batch process images
  • moved learning materials pages
  • de-orphaning links pages on Franklin site
  • Request for teacher locations
  • fix broken links in mysteryquest
  • change backend database pointers
  • landing pages for parks canada
  • Franklin Google search styled

Sidebar 2

This is the "Sidebar 2" container. You can place any widget you like in here. In the evo toolbar at the top of this page, select "Customize", then "Blog Widgets".

This collection ©2025 by admin • Help • Online manual generator