|
|
@@ -608,7 +608,7 @@ function GETPOST($paramname, $check = 'alphanohtml', $method = 0, $filter = null
|
|
|
|
|
|
// Sanitizing for special parameters. There is no reason to allow the backtopage parameter to contains an external URL.
|
|
|
if ($paramname == 'backtopage') {
|
|
|
- $out = preg_replace(array('/[\\\/][\\\/]+/', '/^[a-z]*:/'), '', $out);
|
|
|
+ $out = preg_replace(array('!(\\\|/)+!', '/^[a-z]*:/'), '', $out);
|
|
|
}
|
|
|
|
|
|
// Code for search criteria persistence.
|
Laurent Destailleur