author | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-06-21 14:59:14 +0000 |
---|---|---|
committer | Angie Byron <webchick@24967.no-reply.drupal.org> | 2010-06-21 14:59:14 +0000 |
commit | 8a27a7dd61d92641daa481899fdaea7ec48ed77e (patch) | |
tree | f763f73912bc1d661ac2244a0122c51c17720846 /includes | |
parent | 65ae6eb0e10a241e711d347029109d7e4b8a888a (diff) | |
download | brdo-8a27a7dd61d92641daa481899fdaea7ec48ed77e.tar.gz brdo-8a27a7dd61d92641daa481899fdaea7ec48ed77e.tar.bz2 |
#733028 by cha0s, agentrickard: Fixed SA-CORE-2010-001 - Open redirection.
Diffstat (limited to 'includes')
-rw-r--r-- | includes/common.inc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/includes/common.inc b/includes/common.inc
index a170ee1bb..0cac24553 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -659,7 +659,8 @@ function drupal_encode_path($path) {
  */
 function drupal_goto($path = '', array $options = array(), $http_response_code = 302) {
   // A destination in $_GET always overrides the function arguments.
-  if (isset($_GET['destination'])) {
+  // We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector.
+  if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
     $destination = drupal_parse_url($_GET['destination']);
     $path = $destination['path'];
     $options['query'] = $destination['query'];
|
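Review bot: The new guard relies entirely on `url_is_external()` to decide whether `$_GET['destination']` may leave the site, but a protocol-relative value such as `//host/path` carries no scheme, and unless that helper (outside this hunk) explicitly rejects a leading `//`, browsers will still resolve it to another origin, so the redirect stays open for that form. I would harden the condition at the call site rather than depend on the helper's internals, e.g. `if (isset($_GET['destination']) && !url_is_external($_GET['destination']) && strpos($_GET['destination'], '//') !== 0) {`, and extend the added comment to say that protocol-relative URLs are rejected for the same reason. When the check rejects a destination the function now silently falls back to its arguments; a `watchdog()` entry at that point would make probing of this vector visible in logs. The body of `drupal_goto()` continues past the end of the hunk, so the later use of `$path` and `$options` is not reviewed here.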