From 340b0e511c7424e2c9258c4b2f8ccc232c4f8d44 Mon Sep 17 00:00:00 2001
From: "Hahn Axel (hahn)" <axel.hahn@unibe.ch>
Date: Fri, 20 Sep 2024 15:01:22 +0200
Subject: [PATCH] urlencode params in ajax call

---
 public_html/deployment/pages/act_build.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/public_html/deployment/pages/act_build.php b/public_html/deployment/pages/act_build.php
index 00c9cc94..828909e8 100644
--- a/public_html/deployment/pages/act_build.php
+++ b/public_html/deployment/pages/act_build.php
@@ -7,9 +7,12 @@
   webgui - build a package
 
   ---------------------------------------------------------------------
-  2014-11-14  Axel <axel.hahn@iml.unibe.ch>  selector for branches
-  2014-02-14  Axel <axel.hahn@iml.unibe.ch>  build was "ajaxified"
   2013-11-08  Axel <axel.hahn@iml.unibe.ch>
+  2014-02-14  Axel   build was "ajaxified"
+  2014-11-14  Axel   selector for branches
+  (...)
+  2024-09-20  Axel   urlencode params in ajax call
+
   ###################################################################### */
 
 require_once("./classes/project_gui.class.php");
@@ -187,10 +190,10 @@ if (!array_key_exists("confirm", $aParams)) {
     $sAjaxFile = $aParams["prj"] . "_" . $aParams["action"];
     $sDivname = "outAjax";
     $sUrlStartAction = "/deployment/?"
-        . "&prj=" . $aParams["prj"]
+        . "&prj=" . urlencode($aParams["prj"])
         . "&action=" . $aParams["action"]
         . "&confirm=" . $aParams["confirm"]
-        . "&branchname=" . $aParams["branchname"]
+        . "&branchname=" . urlencode($aParams["branchname"])
         . "&ajax=" . $sAjaxFile
         . "&run=1"
     ;
-- 
GitLab