From c3b2efc93528b50c480a584c67283afe9ea077b6 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 13 Dec 2019 15:57:28 +0100
Subject: [inc/Render] Add qstr_urlencode as global mustache var
---
 inc/render.inc.php | 5 +++++
 inc/util.inc.php | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)
(limited to 'inc')
diff --git a/inc/render.inc.php b/inc/render.inc.php
index f8f9e56b..34e064bc 100644
--- a/inc/render.inc.php
+++ b/inc/render.inc.php
@@ -230,6 +230,11 @@ class Render
 $params['password_type'] = Property::getPasswordFieldType();
 // Branding
 $params['product_name'] = defined('CONFIG_PRODUCT_NAME') ? CONFIG_PRODUCT_NAME : 'OpenSLX';
+ // Query string
+ if (strpos($_SERVER['QUERY_STRING'], 'message[]=') !== false) {
+ $_SERVER['QUERY_STRING'] = preg_replace('/message\[\]=[^&]+(&|$)/', '', $_SERVER['QUERY_STRING']);
+ }
+ $params['qstr_urlencode'] = rawurlencode('?' . $_SERVER['QUERY_STRING']);
 // Return rendered html
 return self::$mustache->render($html, $params);
 }
diff --git a/inc/util.inc.php b/inc/util.inc.php
index 9c9d4e58..21d784a8 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -156,13 +156,13 @@ SADFACE;
 public static function redirect($location = false, $preferRedirectPost = false)
 {
 if ($location === false) {
- $location = preg_replace('/(&|\?)message\[\]\=[^&]*/', '\1', $_SERVER['REQUEST_URI']);
+ $location = preg_replace('/([&?])message\[\]\=[^&]*/', '\1', $_SERVER['REQUEST_URI']);
 }
 Session::save();
 $messages = Message::toRequest();
 if ($preferRedirectPost
 && ($redirect = Request::post('redirect', false, 'string')) !== false
- && !preg_match(',^(\w+\:|//),', $redirect) /* no uri scheme, no server */) {
+ && !preg_match(',^([0-9a-zA-Z_+\-]+:|//),', $redirect) /* no uri scheme, no server */) {
 $location = $redirect;
 }
 if (!empty($messages)) {
-- cgit v1.2.3-55-g7522
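Review bot: The added lines read `$_SERVER['QUERY_STRING']` without checking that it is set, which is not guaranteed under every SAPI, and then overwrite the superglobal inside the render path, so anything that runs later in the request sees the stripped value. The strip pattern also uses `[^&]+`, so an empty `message[]=` survives, whereas the pattern in `redirect()` in inc/util.inc.php uses `[^&]*`. I would work on a local copy instead: `$qs = preg_replace('/message\[\]=[^&]*(&|$)/', '', isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');` followed by `$params['qstr_urlencode'] = rawurlencode('?' . $qs);`. The enclosing method begins above the hunk.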
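Review bot: The guard on `$redirect` is still a deny-list, and the new scheme class `[0-9a-zA-Z_+\-]` omits `.`, which RFC 3986 allows in a scheme name. Browsers also normalise backslashes to slashes and strip leading whitespace before resolving a `Location` value, so a deny-list anchored at `^` tends to miss forms that end up off-site. Because the POSTed `redirect` field is client-controlled, an allow-list is more robust: accept only values that start with `?` or with a single `/`, e.g. `&& preg_match(',^(\?|/(?![/\\\\])),', $redirect)`, assuming callers only send same-site relative targets such as the new `qstr_urlencode` value. The body of `redirect()` continues below the hunk.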