Merge previous to trunk.

git-svn-id: http://code.elgg.org/elgg/trunk@5816 36083f99-b078-4883-b0ff-0f9b5a30f544

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 77cc0d3a1657c657005776e630093fd3aeb50f80..8bb7ff39e1a1054dab8eeb3f379dc55be4377cfe 100644 (file)
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -249,6 +249,11 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie
                $viewtype = elgg_get_viewtype();
        }
 
+       // Viewtypes can only be alphanumeric 
+       if (preg_match('[\W]', $viewtype)) {
+               return ''; 
+       } 
+
        // Set up any extensions to the requested view
        if (isset($CONFIG->views->extensions[$view])) {
                $viewlist = $CONFIG->views->extensions[$view];
@@ -2396,7 +2401,11 @@ function full_url() {
        $s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : "";
        $protocol = substr(strtolower($_SERVER["SERVER_PROTOCOL"]), 0, strpos(strtolower($_SERVER["SERVER_PROTOCOL"]), "/")) . $s;
        $port = ($_SERVER["SERVER_PORT"] == "80" || $_SERVER["SERVER_PORT"] == "443") ? "" : (":".$_SERVER["SERVER_PORT"]);
-       return $protocol . "://" . $_SERVER['SERVER_NAME'] . $port . $_SERVER['REQUEST_URI'];
+
+       $quotes = array('\'', '"'); 
+       $encoded = array('%27', '%22'); 
+
+       return $protocol . "://" . $_SERVER['SERVER_NAME'] . $port . str_replace($quotes, $encoded, $_SERVER['REQUEST_URI']); 
 }
 
 /**