Révision 26e8440b
Ajouté par Assos Assos il y a presque 4 ans
drupal7/includes/common.inc | ||
---|---|---|
684 | 684 |
// We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector. |
685 | 685 |
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) { |
686 | 686 |
$destination = drupal_parse_url($_GET['destination']); |
687 |
$path = $destination['path']; |
|
687 |
// Double check the path derived by drupal_parse_url() is not external. |
|
688 |
if (!url_is_external($destination['path'])) { |
|
689 |
$path = $destination['path']; |
|
690 |
} |
|
688 | 691 |
$options['query'] = $destination['query']; |
689 | 692 |
$options['fragment'] = $destination['fragment']; |
690 | 693 |
} |
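Review bot: When the new inner check at line 688 rejects the parsed path, `$options['query']` and `$options['fragment']` (new lines 691–692) are still copied from the rejected `destination` value, because both assignments sit outside the added `if`. The redirect would then presumably use the caller's own path but carry a request-supplied query string and fragment. If that is not intended, move the two assignments inside the new block, next to `$path = $destination['path'];`. If it is intended, say so in a comment such as `// Query and fragment are kept even when the parsed path is rejected.` The enclosing function starts and ends outside the visible lines, so what `$path` falls back to is inferred rather than shown.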
Update to 7.70