ok, i think i have as much a vanilla install for this problem.... it could be a sever configuration issue, i'm just not sure which way to go...
it is an url encoding situation involving & and &.
in admin/users.php on lines 237 to 240 the code is:
PHP Code:
<?php if ($action != 'delete') { ?>
<a href="<?php echo zen_href_link(FILENAME_USERS, 'action=edit&user=' . $userDetails['id']) ?>"><?php echo zen_image_button('button_edit.gif', IMAGE_EDIT) ?></a>
<a href="<?php echo zen_href_link(FILENAME_USERS, 'action=password&user=' . $userDetails['id']) ?>"><?php echo zen_image_button('button_reset_pwd.gif', IMAGE_RESET_PWD) ?></a>
<?php } ?>
when this generates the link, i have a URL similar to:
https://mysite.com/ADMIN/users.php?a...it&user=12
and now ZC is not properly parsing the $_GET variables.
i'm seeing this behavior on v1.5.4 in addition to v1.5.5. in addition i'm also seeing it on the profiles.php script.
i do not believe i have changed anything on the GET sanitizer...
is it me or is it ZC?
Bookmarks