diff options
| author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-04-30 16:15:44 +0000 |
|---|---|---|
| committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2009-04-30 16:15:44 +0000 |
| commit | 3e81a14a4908aca99874484159e25dd88b8d3ecb (patch) | |
| tree | 9da56ed4212236dc1d9ec98332acc09826bdf305 | |
| parent | 1faa09b1afb6c50c4b80d27299ca6f01fc4cc5b1 (diff) | |
| download | brdo-3e81a14a4908aca99874484159e25dd88b8d3ecb.tar.gz brdo-3e81a14a4908aca99874484159e25dd88b8d3ecb.tar.bz2 | |
#449142 by pwolanin: SA-CORE-2009-005 #2.
| -rw-r--r-- | includes/bootstrap.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc index a486d0c03..127f31f6b 100644 --- a/includes/bootstrap.inc +++ b/includes/bootstrap.inc @@ -1085,6 +1085,8 @@ function request_uri() { $uri = $_SERVER['SCRIPT_NAME']; } } + // Prevent multiple slashes to avoid cross site requests via the Form API. + $uri = '/' . ltrim($uri, '/'); return $uri; } |