Révision bceb9b7a
Ajouté par Florent Torregrosa il y a environ 9 ans
| drupal7/includes/bootstrap.inc | ||
|---|---|---|
| 8 | 8 |
/** |
| 9 | 9 |
* The current system version. |
| 10 | 10 |
*/ |
| 11 |
define('VERSION', '7.34');
|
|
| 11 |
define('VERSION', '7.35');
|
|
| 12 | 12 |
|
| 13 | 13 |
/** |
| 14 | 14 |
* Core API compatibility. |
| ... | ... | |
| 2497 | 2497 |
// Load bootstrap modules. |
| 2498 | 2498 |
require_once DRUPAL_ROOT . '/includes/module.inc'; |
| 2499 | 2499 |
module_load_all(TRUE); |
| 2500 |
|
|
| 2501 |
// Sanitize the destination parameter (which is often used for redirects) to |
|
| 2502 |
// prevent open redirect attacks leading to other domains. Sanitize both |
|
| 2503 |
// $_GET['destination'] and $_REQUEST['destination'] to protect code that |
|
| 2504 |
// relies on either, but do not sanitize $_POST to avoid interfering with |
|
| 2505 |
// unrelated form submissions. The sanitization happens here because |
|
| 2506 |
// url_is_external() requires the variable system to be available. |
|
| 2507 |
if (isset($_GET['destination']) || isset($_REQUEST['destination'])) {
|
|
| 2508 |
require_once DRUPAL_ROOT . '/includes/common.inc'; |
|
| 2509 |
// If the destination is an external URL, remove it. |
|
| 2510 |
if (isset($_GET['destination']) && url_is_external($_GET['destination'])) {
|
|
| 2511 |
unset($_GET['destination']); |
|
| 2512 |
unset($_REQUEST['destination']); |
|
| 2513 |
} |
|
| 2514 |
// If there's still something in $_REQUEST['destination'] that didn't come |
|
| 2515 |
// from $_GET, check it too. |
|
| 2516 |
if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && url_is_external($_REQUEST['destination'])) {
|
|
| 2517 |
unset($_REQUEST['destination']); |
|
| 2518 |
} |
|
| 2519 |
} |
|
| 2500 | 2520 |
} |
| 2501 | 2521 |
|
| 2502 | 2522 |
/** |
Formats disponibles : Unified diff
Update core to 7.35