BUGFIX Escaping sprintf() arguments in ComplexTableField to avoid extraneous % characters in a referrer URL messing up the sprintf() invocation

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@93745 467b73ca-7a2a-4603-9d3b-597d59a354a9
2024-10-22 14:05:37 +02:00 · 2009-11-27 01:22:21 +00:00 · 2009-11-27 01:22:21 +00:00 · f3db094874
commit f3db094874
parent 389adf2f2d
1 changed files with 1 additions and 1 deletions
--- a/forms/ComplexTableField.php
+++ b/forms/ComplexTableField.php
@ -814,7 +814,7 @@ class ComplexTableField_ItemRequest extends RequestHandler {
 		$referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
 		$closeLink = sprintf(
-			'<small><a href="' . $referrer . '" onclick="javascript:window.top.GB_hide(); return false;">(%s)</a></small>',
+			'<small><a href="' . str_replace('%', '%%', $referrer) . '" onclick="javascript:window.top.GB_hide(); return false;">(%s)</a></small>',
 			_t('ComplexTableField.CLOSEPOPUP', 'Close Popup')
 		);
 		$message = sprintf(