strip hard-wired zids from posted links as they will have the wrong identity when somebody tries to view the link

2014-02-16 14:13:26 -08:00
parent d9e4f63466
commit ebd52368bb
6 changed files with 20 additions and 12 deletions
--- a/index.php
+++ b/index.php
@@ -92,7 +92,7 @@ if((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
 }

 if((x($_GET,'zid')) && (! $a->install)) {
-	$a->query_string = preg_replace('/[\?&]zid=(.*?)([\?&]|$)/is','',$a->query_string);
+	$a->query_string = strip_zids($a->query_string);
 	if(! local_user()) {
 		$_SESSION['my_address'] = $_GET['zid'];
 		zid_init($a);