author | David Rothstein <drothstein@gmail.com> | 2015-03-18 15:20:37 -0400 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2015-03-18 15:20:37 -0400 |
commit | b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8 (patch) | |
tree | 466ec33c9527f1eaffd1b37031af6047d606cd60 /includes/bootstrap.inc | |
parent | 81586d9e9d04dcee487c50de426c04221899b6d0 (diff) | |
Drupal 7.35
Diffstat (limited to 'includes/bootstrap.inc')
-rw-r--r-- | includes/bootstrap.inc | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 744fc8fe7..b33f950f4 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
 /**
  * The current system version.
  */
-define('VERSION', '7.34');
+define('VERSION', '7.35');
 /**
  * Core API compatibility.
@@ -2497,6 +2497,26 @@ function _drupal_bootstrap_variables() {
   // Load bootstrap modules.
   require_once DRUPAL_ROOT . '/includes/module.inc';
   module_load_all(TRUE);
+
+  // Sanitize the destination parameter (which is often used for redirects) to
+  // prevent open redirect attacks leading to other domains. Sanitize both
+  // $_GET['destination'] and $_REQUEST['destination'] to protect code that
+  // relies on either, but do not sanitize $_POST to avoid interfering with
+  // unrelated form submissions. The sanitization happens here because
+  // url_is_external() requires the variable system to be available.
+  if (isset($_GET['destination']) || isset($_REQUEST['destination'])) {
+    require_once DRUPAL_ROOT . '/includes/common.inc';
+    // If the destination is an external URL, remove it.
+    if (isset($_GET['destination']) && url_is_external($_GET['destination'])) {
+      unset($_GET['destination']);
+      unset($_REQUEST['destination']);
+    }
+    // If there's still something in $_REQUEST['destination'] that didn't come
+    // from $_GET, check it too.
+    if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && url_is_external($_REQUEST['destination'])) {
+      unset($_REQUEST['destination']);
+    }
+  }
 }
 /** |
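Review bot: The new sanitizer in the second hunk passes `$_GET['destination']` and `$_REQUEST['destination']` straight to url_is_external() without checking that they are strings, so a request like `?destination[]=http://evil.example` hands an array to the string functions inside that helper, which on PHP 5 emits warnings and yields an unreliable result rather than an unset parameter; a non-string destination can never be a valid local path, so it should be discarded outright: `if (isset($_GET['destination']) && (!is_string($_GET['destination']) || url_is_external($_GET['destination'])))`, and the same `!is_string(...)` guard on the `$_REQUEST` branch. Separately, this check is only as strong as url_is_external(), whose hunk in common.inc is not part of this view; if that function does not treat protocol-relative paths such as `//evil.example` (and the backslash variant `\\evil.example` some browsers normalize) as external, they will still survive this filter and reach drupal_goto(), so that deserves a test case alongside this change. The enclosing function `_drupal_bootstrap_variables()` starts before the hunk, so the early `$_GET`/`$_REQUEST` state at the point of the check cannot be confirmed from here.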