From a63269e3e1cbcd825e61a481e9d2d788fb2dc916 Mon Sep 17 00:00:00 2001
From: Chocobo1
Date: Wed, 15 Feb 2023 13:59:21 +0800
Subject: [PATCH] Migrate away from unsafe function
MooTools More has CVE-2021-20088 and qbt is affected by it by using the unsafe function call `String.parseQueryString()`, so migrate away from it. PR #18554.
---
 src/webui/www/private/scripts/client.js | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/webui/www/private/scripts/client.js b/src/webui/www/private/scripts/client.js
index c1e3a2c68..a5b6c23f9 100644
--- a/src/webui/www/private/scripts/client.js
+++ b/src/webui/www/private/scripts/client.js
@@ -1289,11 +1289,11 @@ function registerMagnetHandler() {
 return;
 }
- const hashParams = getHashParamsFromUrl();
- hashParams.download = '';
-
- const templateHashString = Object.toQueryString(hashParams).replace('download=', 'download=%s');
+ const hashString = location.hash ? location.hash.replace(/^#/, '') : '';
+ const hashParams = new URLSearchParams(hashString);
+ hashParams.set('download', '');
+ const templateHashString = hashParams.toString().replace('download=', 'download=%s');
 const templateUrl = location.origin + location.pathname + location.search + '#' + templateHashString;
@@ -1313,11 +1313,6 @@ function handleDownloadParam() {
 showDownloadPage([url]);
 }
-function getHashParamsFromUrl() {
- const hashString = location.hash ? location.hash.replace(/^#/, '') : '';
- return (hashString.length > 0) ? String.parseQueryString(hashString) : {};
-}
-
 function closeWindows() {
 MochaUI.closeAll();
 }
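Review bot: `hashParams.toString().replace('download=', 'download=%s')` in the first hunk rewrites the first `download=` substring of the serialized hash, which is not necessarily the `download` parameter: a parameter already in `location.hash` whose name ends in `download` and that serializes earlier would receive the `%s` placeholder instead. Because the current URL's hash is copied into the template, whoever supplied the link the WebUI was opened from can influence the handler URL that ends up registered. I would drop the key and append the placeholder explicitly, `hashParams.delete('download');` followed by `const templateHashString = [hashParams.toString(), 'download=%s'].filter(Boolean).join('&');`. The same `replace` was on the removed line, so this is inherited rather than introduced here, and `registerMagnetHandler` starts before and continues after this hunk, so how `templateUrl` is registered is not visible.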