Révision bceb9b7a
Ajouté par Florent Torregrosa il y a environ 9 ans
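--- a/drupal7/includes/bootstrap.inc
+++ b/drupal7/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
 * The current system version.
 */
-define('VERSION', '7.34');
+define('VERSION', '7.35');
 
 /**
 * Core API compatibility.
@@ -2497,6 +2497,26 @@
 // Load bootstrap modules.
 require_once DRUPAL_ROOT . '/includes/module.inc';
 module_load_all(TRUE);
+
+// Sanitize the destination parameter (which is often used for redirects) to
+// prevent open redirect attacks leading to other domains. Sanitize both
+// $_GET['destination'] and $_REQUEST['destination'] to protect code that
+// relies on either, but do not sanitize $_POST to avoid interfering with
+// unrelated form submissions. The sanitization happens here because
+// url_is_external() requires the variable system to be available.
+if (isset($_GET['destination']) || isset($_REQUEST['destination'])) {
+require_once DRUPAL_ROOT . '/includes/common.inc';
+// If the destination is an external URL, remove it.
+if (isset($_GET['destination']) && url_is_external($_GET['destination'])) {
+unset($_GET['destination']);
+unset($_REQUEST['destination']);
+}
+// If there's still something in $_REQUEST['destination'] that didn't come
+// from $_GET, check it too.
+if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && url_is_external($_REQUEST['destination'])) {
+unset($_REQUEST['destination']);
+}
+}
 }
 
 /**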
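Review bot: The two new checks at lines 2510 and 2516 pass `$_GET['destination']` and `$_REQUEST['destination']` straight to `url_is_external()` without confirming that the value is a string. PHP builds an array from a query such as `destination[]=...`, so a non-string value can reach a helper that presumably expects a path string; its body is outside this hunk, so how it behaves on such input should be confirmed. Treating a non-string destination as untrusted would close that gap, e.g. `if (isset($_GET['destination']) && (!is_string($_GET['destination']) || url_is_external($_GET['destination']))) {`, with the same guard on the `$_REQUEST` branch. The comparison `$_REQUEST['destination'] != $_GET['destination']` is also loose; `!==` would avoid PHP's type juggling deciding whether the second value still gets checked. The enclosing function starts outside the hunk.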
Update core to 7.35