diff options
| author | David Rothstein <drothstein@gmail.com> | 2013-11-20 15:45:59 -0500 |
|---|---|---|
| committer | David Rothstein <drothstein@gmail.com> | 2013-11-20 15:45:59 -0500 |
| commit | 782d1155c62c0a879bf587c7e40c3a13bcf6879c (patch) | |
| tree | 380060c81a7ebd76870cfd7fb566933b3a7c6efd /modules/overlay | |
| parent | bf704d6ffe55d66a440a55a9d43e8846d46d2440 (diff) | |
| download | brdo-782d1155c62c0a879bf587c7e40c3a13bcf6879c.tar.gz brdo-782d1155c62c0a879bf587c7e40c3a13bcf6879c.tar.bz2 | |
Drupal 7.24
Diffstat (limited to 'modules/overlay')
| -rw-r--r-- | modules/overlay/overlay.module | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/overlay/overlay.module b/modules/overlay/overlay.module index 728198680..7b2fc9393 100644 --- a/modules/overlay/overlay.module +++ b/modules/overlay/overlay.module @@ -146,6 +146,10 @@ function overlay_init() { // If this page shouldn't be rendered inside the overlay, redirect to the // parent. elseif (!path_is_admin($current_path)) { + // Prevent open redirects by ensuring the current path is not an absolute URL. + if (url_is_external($current_path)) { + $current_path = '<front>'; + } overlay_close_dialog($current_path, array('query' => drupal_get_query_parameters(NULL, array('q', 'render')))); } |