We can't do Paths::sanitize before we check if $attach is NULL because it'll ruin...

author Robert Sesek <rsesek@bluestatic.org>

Sun, 22 Jan 2006 18:53:15 +0000 (18:53 +0000)

committer Robert Sesek <rsesek@bluestatic.org>

Sun, 22 Jan 2006 18:53:15 +0000 (18:53 +0000)
author Robert Sesek <rsesek@bluestatic.org>
Sun, 22 Jan 2006 18:53:15 +0000 (18:53 +0000)
committer Robert Sesek <rsesek@bluestatic.org>
Sun, 22 Jan 2006 18:53:15 +0000 (18:53 +0000)
diff --git a/includes/controller.php b/includes/controller.php

index 09c0f2c258df8af2c303f93230d7ecf8cccaf0f1..f5d0337e27db667c15b041957e0abb548b91d626 100644 (file)
--- a/includes/controller.php
+++ b/includes/controller.php
@@ -179,7 +179,6 @@ class Controller
         function href_compound($base, $attach = null, $revstr = null)
         {
                 $url = Paths::fetch_arguments($base . ($revstr === null ? ((strpos($base, '?') !== false) ? '&' . $this->revstr : $this->revstr) : $revstr));
-               $attach = Paths::sanitize($attach);
                 
                 if ($attach === null)
                 {
@@ -187,6 +186,7 @@ class Controller
                 }
                 else
                 {
+                       $attach = Paths::sanitize($attach);
                         $path = $this->path . (($attach[0] != '/' AND $this->path[ strlen($this->path) - 1 ] != '/') ? '/' : '') . $attach;
                 }
author	Robert Sesek <rsesek@bluestatic.org>
	Sun, 22 Jan 2006 18:53:15 +0000 (18:53 +0000)
committer	Robert Sesek <rsesek@bluestatic.org>
	Sun, 22 Jan 2006 18:53:15 +0000 (18:53 +0000)