Don't urldecode() superglobals like $_GET.

Superglobals are automatically decoded. Decoding them again could be a
security issue.

nixtape/album-add.php

@@ -24,7 +24,7 @@ require_once('templating.php');
 require_once('data/Album.php');
 
 try {
-	$artist = new Artist(urldecode($_GET['artist']));
+	$artist = new Artist($_GET['artist']);
 } catch (Exception $e) {
 	$smarty->assign('pageheading', 'Artist not found.');
 	$smarty->assign('details', 'The artist ' . $_GET['artist'] . ' was not found in the database.');

nixtape/album.php

@@ -24,7 +24,7 @@ require_once('database.php');
 require_once('templating.php');
 require_once('data/Album.php');
 
-$album = new Album(urldecode($_GET['album']), urldecode($_GET['artist']));
+$album = new Album($_GET['album'], $_GET['artist']);
 
 try {
 	$artist = new Artist($album->artist_name);

nixtape/artist-manage.php

@@ -26,7 +26,7 @@ require_once('data/Server.php');
 require_once('data/TagCloud.php');
 
 try {
-	$artist = new Artist(urldecode($_GET['artist']));
+	$artist = new Artist($_GET['artist']);
 } catch (exception $e) {
         $smarty->assign('pageheading', 'Artist not found.');
         $smarty->assign('details', 'The artist '.($_GET['artist']).' was not found in the database.');

nixtape/artist-tag.php

@@ -34,7 +34,7 @@ if($logged_in == false) {
 }
 
 try {
-	$artist = new Artist(urldecode($_GET['artist']));
+	$artist = new Artist($_GET['artist']);
 } catch (exception $e) {
         $smarty->assign('pageheading', 'Artist not found.');
         $smarty->assign('details', 'The artist '.($_GET['artist']).' was not found in the database.');

nixtape/artist.php

@@ -27,7 +27,7 @@ require_once('data/TagCloud.php');
 require_once('artist-menu.php');
 
 try {
-	$artist = new Artist(urldecode($_GET['artist']));
+	$artist = new Artist($_GET['artist']);
 } catch (exception $e) {
         $smarty->assign('pageheading', 'Artist not found.');
         $smarty->assign('details', 'The artist '.($_GET['artist']).' was not found in the database.');

nixtape/tag.php

@@ -32,7 +32,7 @@ if(!isset($_GET['tag'])) {
 	die();
 }
 
-$tag = urldecode($_GET['tag']);
+$tag = $_GET['tag'];
 $smarty->assign('tag', $tag);
 
 try {

nixtape/track-add.php

@@ -27,7 +27,7 @@ require_once('data/Track.php');
 require_once('utils/licenses.php');
 
 try {
-	$artist = new Artist(urldecode($_GET['artist']));
+	$artist = new Artist($_GET['artist']);
 } catch (Exception $e) {
 	$smarty->assign('pageheading', 'Artist not found.');
 	$smarty->assign('details', 'The artist ' . $_GET['artist'] . ' was not found in the database.');
@@ -35,7 +35,7 @@ try {
 	die();
 }
 
-$album = new Album(urldecode($_GET['album']), $artist->name);
+$album = new Album($_GET['album'], $artist->name);
 
 if(!isset($this_user) || !$this_user->manages($artist->name)) {
 	$smarty->assign('pageheading', 'Permission denied');
@@ -47,7 +47,7 @@ if(!isset($this_user) || !$this_user->manages($artist->name)) {
 $edit = false;
 if(isset($_GET['track'])) {
 	$edit = true;
-	$track = new Track(urldecode($_GET['track']), $artist->name);
+	$track = new Track($_GET['track'], $artist->name);
 }
 
 $smarty->assign('artist', $artist);

nixtape/track.php

@@ -25,7 +25,7 @@ require_once('data/sanitize.php');
 require_once('data/Server.php');
 require_once('data/TagCloud.php');
 
-$track = new Track(urldecode($_GET['track']), urldecode($_GET['artist']));
+$track = new Track($_GET['track'], $_GET['artist']);
 $smarty->assign('track', $track);
 
 $album = new Album($track->album_name, $track->artist_name);

nixtape/user-groups.php

@@ -35,7 +35,7 @@ if(!isset($_GET['user']) && $logged_in == false) {
 }
 
 try {
-	$user = new User(urldecode($_GET['user']));
+	$user = new User($_GET['user']);
 } catch (Exception $e) {
 	$smarty->assign('pageheading', 'User not found');
 	$smarty->assign('details', 'Shall I call in a missing persons report?');

nixtape/user-journal.php

@@ -35,7 +35,7 @@ if(!isset($_GET['user']) && $logged_in == false) {
 }
 
 try {
-	$user = new User(urldecode($_GET['user']));
+	$user = new User($_GET['user']);
 } catch (Exception $e) {
 	$smarty->assign('pageheading', $error);
 	$smarty->assign('details', 'Shall I call in a missing persons report?');

nixtape/user-profile.php

@@ -34,7 +34,7 @@ if(!isset($_GET['user']) && $logged_in == false) {
 }
 
 try {
-	$user = new User(urldecode($_GET['user']));
+	$user = new User($_GET['user']);
 } catch (exception $e) {
 	$error = 'User not found';
 }

nixtape/user-recent-tracks.php

@@ -34,7 +34,7 @@ if(!isset($_GET['user']) && $logged_in == false) {
 }
 
 try {
-	$user = new User(urldecode($_GET['user']));
+	$user = new User($_GET['user']);
 } catch (Exception $e) {
 	$smarty->assign('pageheading', 'User not found');
 	$smarty->assign('details', 'Shall I call in a missing persons report?');

nixtape/user-recommended.php

@@ -34,7 +34,7 @@ if(!isset($_GET['user']) && $logged_in == false) {
 }
 
 try {
-	$user = new User(urldecode($_GET['user']));
+	$user = new User($_GET['user']);
 } catch (exception $e) {
 	$error = 'User not found';
 }

nixtape/user-station.php

@@ -34,7 +34,7 @@ if(!isset($_GET['user']) && $logged_in == false) {
 }
 
 try {
-	$user = new User(urldecode($_GET['user']));
+	$user = new User($_GET['user']);
 } catch (exception $e) {
 	$error = 'User not found';
 }

nixtape/user-stats.php

@@ -34,7 +34,7 @@ if(!isset($_GET['user']) && $logged_in == false) {
 }
 
 try {
-    $user = new User(urldecode($_GET['user']));
+    $user = new User($_GET['user']);
 } catch (Exception $e) {
     if ($e->getCode() == 22) {
        echo('We had some trouble locating that user.  Are you sure you spelled it correctly?'."\n");