From 6a4bb5c1b788f961579470ace5b28c1293484d2a Mon Sep 17 00:00:00 2001
From: Chocobo1
Date: Wed, 15 Feb 2023 13:59:21 +0800
Subject: [PATCH] Migrate away from unsafe function

MooTools More has CVE-2021-20088 and qbt is affected by it by using the unsafe function call `String.parseQueryString()`, so migrate away from it. PR #18554.
---
 src/webui/www/private/scripts/client.js | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/webui/www/private/scripts/client.js b/src/webui/www/private/scripts/client.js
index 296c00399..f8cf2f5c0 100644
--- a/src/webui/www/private/scripts/client.js
+++ b/src/webui/www/private/scripts/client.js
@@ -1387,11 +1387,11 @@ function registerMagnetHandler() {
 return;
 }
- const hashParams = getHashParamsFromUrl();
- hashParams.download = '';
-
- const templateHashString = Object.toQueryString(hashParams).replace('download=', 'download=%s');
+ const hashString = location.hash ? location.hash.replace(/^#/, '') : '';
+ const hashParams = new URLSearchParams(hashString);
+ hashParams.set('download', '');
+ const templateHashString = hashParams.toString().replace('download=', 'download=%s');
 const templateUrl = location.origin + location.pathname + location.search + '#' + templateHashString;
@@ -1411,11 +1411,6 @@ function handleDownloadParam() {
 showDownloadPage([url]);
 }
-function getHashParamsFromUrl() {
- const hashString = location.hash ? location.hash.replace(/^#/, '') : '';
- return (hashString.length > 0) ? String.parseQueryString(hashString) : {};
-}
-
 function closeWindows() {
 MochaUI.closeAll();
 }
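Review bot: On the `templateHashString` line, `.replace('download=', 'download=%s')` rewrites the first place that substring occurs in the serialized parameters, which is not necessarily the `download` key that `set()` just wrote. The fragment is taken from the page URL, so an earlier key whose name merely ends in `download` (constructed example: `#predownload=x`) would receive the `%s` placeholder and the registered handler template would come out malformed. Anchoring the match to a parameter boundary keeps the rest of the line as it is: `hashParams.toString().replace(/(^|&)download=(?=&|$)/, '$1download=%s')`. Separately, `location.hash` is always a string, so the ternary around it is redundant and `location.hash.replace(/^#/, '')` alone gives the same value. registerMagnetHandler starts before this hunk and continues after it, so how `templateUrl` is consumed is not visible here.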