authorDavid Rothstein <drothstein@gmail.com>2015-10-21 15:47:40 -0400
committerDavid Rothstein <drothstein@gmail.com>2015-10-21 15:47:40 -0400
commit9f72251c9291b5613acb9ca4ea7a51b4739e3f93 (patch)
tree4e4bc7a16ff3c64f9627fb160e2647d41ab7efd3
parent9d16792580c241b42e6192b480f65cf0bdd07bc9 (diff)
Drupal 7.41
-rw-r--r--CHANGELOG.txt4
-rw-r--r--includes/bootstrap.inc2
-rw-r--r--modules/overlay/overlay-parent.js9
3 files changed, 10 insertions, 5 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index f75354e60..29277196e 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,4 +1,8 @@
+Drupal 7.41, 2015-10-21
+-----------------------
+- Fixed security issues (open redirect). See SA-CORE-2015-004.
+
Drupal 7.40, 2015-10-14
-----------------------
- Made Drupal's code for parsing .info files run much faster and use much less
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 3768a10a7..b3382bf6f 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '7.40');
+define('VERSION', '7.41');
/**
* Core API compatibility.
diff --git a/modules/overlay/overlay-parent.js b/modules/overlay/overlay-parent.js
index 7859821b4..efb26370c 100644
--- a/modules/overlay/overlay-parent.js
+++ b/modules/overlay/overlay-parent.js
@@ -350,7 +350,7 @@ Drupal.overlay.setFocusBefore = function ($element, document) {
* TRUE if the URL represents an administrative link, FALSE otherwise.
*/
Drupal.overlay.isAdminLink = function (url) {
- if (Drupal.overlay.isExternalLink(url)) {
+ if (!Drupal.urlIsLocal(url)) {
return false;
}
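Review bot: The guard added at the top of `Drupal.overlay.isAdminLink` is now the check that keeps non-local URLs from being classified as admin links, but nothing at the call site says it is security-relevant, and `Drupal.urlIsLocal` is defined outside this diff. A short why-comment above the `if` would keep a later cleanup from swapping it back to a pattern match, e.g. `// Security: only URLs that Drupal.urlIsLocal() accepts may be treated as admin links (SA-CORE-2015-004).` The rest of isAdminLink's body lies outside the hunk, so whether later code derives a path from `url` on the assumption that it is same-site cannot be confirmed here.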
@@ -378,6 +378,8 @@ Drupal.overlay.isAdminLink = function (url) {
/**
* Determine whether a link is external to the site.
*
+ * Deprecated. Use Drupal.urlIsLocal() instead.
+ *
* @param url
* The URL to be tested.
*
@@ -385,8 +387,7 @@ Drupal.overlay.isAdminLink = function (url) {
* TRUE if the URL is external to the site, FALSE otherwise.
*/
Drupal.overlay.isExternalLink = function (url) {
- var re = RegExp('^((f|ht)tps?:)?//(?!' + window.location.host + ')');
- return re.test(url);
+ return !Drupal.urlIsLocal(url);
};
/**
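Review bot: The docblock for `Drupal.overlay.isExternalLink` still promises only "TRUE if the URL is external to the site", while the return value is now whatever `Drupal.urlIsLocal` decides, so remaining callers of this deprecated wrapper can get different answers than before. The removed pattern matched only URLs beginning with an ftp/http(s) scheme or `//`, so every other input was reported as not external; presumably the new helper is stricter, which is the safer direction but still a behaviour change worth stating. Suggest extending the deprecation line added in the previous hunk to something like `Deprecated. Use Drupal.urlIsLocal() instead; this wrapper now returns TRUE for every URL that Drupal.urlIsLocal() does not accept as local.`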
@@ -405,7 +406,7 @@ Drupal.overlay.isExternalLink = function (url) {
*/
Drupal.overlay.getInternalUrl = function (path) {
var url = Drupal.settings.basePath + path;
- if (!this.isExternalLink(url)) {
+ if (Drupal.urlIsLocal(url)) {
return url;
}
};
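Review bot: When `Drupal.urlIsLocal(url)` is false, `Drupal.overlay.getInternalUrl` falls off the end and returns `undefined`, so the fix only holds if every caller treats a missing return value as "do not load" rather than passing it on. Only the closing `*/` of the docblock is inside the hunk, so it may already say this; if not, the return description should, e.g. `The internal URL, or undefined if basePath + path does not resolve to a local URL.` An explicit `return undefined;` after the `if` would also make the rejection path visible. Checking the concatenated `url` rather than `path` alone is the right order and deserves a one-line comment so it is not reordered later.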