Révision 26e8440b
Ajouté par Assos Assos il y a presque 4 ans
| drupal7/includes/common.inc | ||
|---|---|---|
| 684 | 684 |
// We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector. |
| 685 | 685 |
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
|
| 686 | 686 |
$destination = drupal_parse_url($_GET['destination']); |
| 687 |
$path = $destination['path']; |
|
| 687 |
// Double check the path derived by drupal_parse_url() is not external. |
|
| 688 |
if (!url_is_external($destination['path'])) {
|
|
| 689 |
$path = $destination['path']; |
|
| 690 |
} |
|
| 688 | 691 |
$options['query'] = $destination['query']; |
| 689 | 692 |
$options['fragment'] = $destination['fragment']; |
| 690 | 693 |
} |
Formats disponibles : Unified diff
Udpate to 7.70