-rw-r--r--CHANGELOG.txt6
-rw-r--r--includes/bootstrap.inc2
-rw-r--r--modules/overlay/overlay-parent.js9
3 files changed, 11 insertions, 6 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 9243b96ea..bc7a769a1 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,11 @@
-Drupal 7.41, xxxx-xx-xx (development version)
+Drupal 7.42, xxxx-xx-xx (development version)
-----------------------
+Drupal 7.41, 2015-10-21
+-----------------------
+- Fixed security issues (open redirect). See SA-CORE-2015-004.
+
Drupal 7.40, 2015-10-14
-----------------------
- Made Drupal's code for parsing .info files run much faster and use much less
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index 5f67243c3..e9665eb40 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -8,7 +8,7 @@
/**
* The current system version.
*/
-define('VERSION', '7.41-dev');
+define('VERSION', '7.42-dev');
/**
* Core API compatibility.
diff --git a/modules/overlay/overlay-parent.js b/modules/overlay/overlay-parent.js
index 7859821b4..efb26370c 100644
--- a/modules/overlay/overlay-parent.js
+++ b/modules/overlay/overlay-parent.js
@@ -350,7 +350,7 @@ Drupal.overlay.setFocusBefore = function ($element, document) {
* TRUE if the URL represents an administrative link, FALSE otherwise.
*/
Drupal.overlay.isAdminLink = function (url) {
- if (Drupal.overlay.isExternalLink(url)) {
+ if (!Drupal.urlIsLocal(url)) {
return false;
}
@@ -378,6 +378,8 @@ Drupal.overlay.isAdminLink = function (url) {
/**
* Determine whether a link is external to the site.
*
+ * Deprecated. Use Drupal.urlIsLocal() instead.
+ *
* @param url
* The URL to be tested.
*
@@ -385,8 +387,7 @@ Drupal.overlay.isAdminLink = function (url) {
* TRUE if the URL is external to the site, FALSE otherwise.
*/
Drupal.overlay.isExternalLink = function (url) {
- var re = RegExp('^((f|ht)tps?:)?//(?!' + window.location.host + ')');
- return re.test(url);
+ return !Drupal.urlIsLocal(url);
};
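Review bot: `Drupal.overlay.isExternalLink` now answers a different question than before, and the docblock does not say so. The removed regex only flagged URLs starting with `http(s):`, `ftp(s):` or `//`, so every other input was reported as not external. The new body reports as external whatever `Drupal.urlIsLocal()` rejects; that function is defined outside this diff, so the exact set of inputs that flip is inferred rather than visible here. Remaining callers of the deprecated wrapper would benefit from a line next to the deprecation notice such as `* Note: returns TRUE for any URL that Drupal.urlIsLocal() does not accept, not only for http(s)/ftp URLs on another host.`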
/**
@@ -405,7 +406,7 @@ Drupal.overlay.isExternalLink = function (url) {
*/
Drupal.overlay.getInternalUrl = function (path) {
var url = Drupal.settings.basePath + path;
- if (!this.isExternalLink(url)) {
+ if (Drupal.urlIsLocal(url)) {
return url;
}
};
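Review bot: When `Drupal.urlIsLocal(url)` fails in `Drupal.overlay.getInternalUrl`, the function falls off the end and callers receive `undefined` with nothing marking that as intentional. This branch is now the guard that stops a `basePath + path` value resolving off-site from being handed back, so the rejection path deserves to be explicit. I would add a comment after the `if` block, for example `// Non-local result: deliberately return nothing so callers cannot navigate to it.`, and state in the `@return` text that the result is undefined for non-local URLs. The docblock starts above this hunk, so its current wording could not be checked.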