author | Dries Buytaert <dries@buytaert.net> | 2003-06-14 07:02:32 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2003-06-14 07:02:32 +0000 |
commit | 3e9aabe05897becc4b0b749832540a49eb77184d (patch) | |
tree | 0d1e2c9a9c336d9147848932352abd19e5a11c9f | |
parent | d95499bf03c65f59190687882567c80a074c711a (diff) | |
download | brdo-3e9aabe05897becc4b0b749832540a49eb77184d.tar.gz brdo-3e9aabe05897becc4b0b749832540a49eb77184d.tar.bz2 |
- Moved some CXX checks to a centralized place; less error-prone.
-rw-r--r-- | includes/common.inc | 6 | ||||
-rw-r--r-- | modules/user.module | 2 | ||||
-rw-r--r-- | modules/user/user.module | 2 |
3 files changed, 8 insertions, 2 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 234309459..1e4c249a7 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -414,6 +414,12 @@ function search_type($type = 0, $action = 0, $query = 0, $options = 0) {
 function drupal_goto($url) {
 /*
+ ** Check the URL to prevent XSS attacks:
+ */
+
+ $url = check_url($url);
+
+ /*
 ** Translate & to simply &
 */
diff --git a/modules/user.module b/modules/user.module
index a580a32b8..4af5b703d 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -622,7 +622,7 @@ function user_login($edit = array(), $msg = "") {
 ** Redirect the user to the page he logged on from.
 */
- drupal_goto(check_url($edit["destination"]));
+ drupal_goto($edit["destination"]);
 }
 else {
 if (!$error) {
diff --git a/modules/user/user.module b/modules/user/user.module
index a580a32b8..4af5b703d 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -622,7 +622,7 @@ function user_login($edit = array(), $msg = "") {
 ** Redirect the user to the page he logged on from.
 */
- drupal_goto(check_url($edit["destination"]));
+ drupal_goto($edit["destination"]);
 }
 else {
 if (!$error) {
|
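Review bot: The new `$url = check_url($url);` in drupal_goto() runs before the translation step announced by the comment that follows it, so the check sees the string before its last rewrite; validation is safer as the final transformation before the value is used. check_url() is not visible in this hunk, and a filter written against XSS in HTML output does not necessarily reject CR/LF, which is what matters if the value ends up in a Location header (inferred, since drupal_goto's body continues outside the hunk). I would move the call below the translation, or add `$url = str_replace(array("\r", "\n"), "", $url);` immediately before the redirect is sent. The comment could also name the real concern, e.g. `** Check the URL before it is used in a redirect (XSS, header injection):`.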
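Review bot: In user_login() the call is now `drupal_goto($edit["destination"]);`, so a form-supplied value reaches the redirect with no validation visible at the call site, and a later reader cannot tell that this is deliberate. A short comment above the call would record the dependency, for example `** The destination is user input; drupal_goto() validates it via check_url().`. Nothing visible here restricts the destination to an on-site path either, so if drupal_goto() accepts absolute URLs it is worth confirming that check_url() or the callee limits post-login redirects to local paths. The identical change in modules/user/user.module (third hunk) needs the same comment; user_login's body starts and ends outside both hunks.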