-rw-r--r-- | includes/common.inc | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 30ba8d7b9..963187096 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -97,6 +97,15 @@ function object2array($node) {
 return $array;
 }
 
+function referer_uri() {
+
+ if (isset($_SERVER["HTTP_REFERER"])) {
+ $uri = $_SERVER["HTTP_REFERER"];
+
+ return check_url($uri);
+ }
+}
+
 function request_uri() {
 /*
 ** Since request_uri() is only available on Apache, we generate
@@ -110,21 +119,7 @@ function request_uri() {
 $uri = $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
 }
 
- /*
- ** We pipe the request URI through htmlspecialchars() to prevent
- ** XSS attacks.
- */
-
- $uri = htmlspecialchars($uri, ENT_QUOTES);
-
- /*
- ** We replace ( and ) with their entity equivalents to prevent XSS
- ** attacks.
- */
-
- $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));
-
- return $uri;
+ return check_url($uri);
 }
 
 function message_access() {
@@ -457,8 +452,8 @@ function drupal_goto($url) {
 */
 function referer_save() {
- if (!strstr($_SERVER["HTTP_REFERER"], request_uri())) {
- $_SESSION["referer"] = $_SERVER["HTTP_REFERER"];
+ if (!strstr(referer_uri(), request_uri())) {
+ $_SESSION["referer"] = referer_uri();
 }
 }
@@ -475,6 +470,24 @@ function referer_load() {
 }
 }
 
+function check_url($uri) {
+ /*
+ ** We pipe the request URI through htmlspecialchars() to prevent
+ ** XSS attacks.
+ */
+
+ $uri = htmlspecialchars($uri, ENT_QUOTES);
+
+ /*
+ ** We replace ( and ) with their entity equivalents to prevent XSS
+ ** attacks.
+ */
+
+ $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));
+
+ return $uri;
+}
+
 function check_form($text) {
 return drupal_specialchars($text);
 }
|
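Review bot: referer_uri() falls off the end without a return whenever the client sent no Referer header, so callers get an implicit null; referer_save() in this same commit feeds that straight into strstr(). Make the absent case explicit by adding `return "";` after the if block (or document that a null return means "no referer") so callers can test for it deliberately. A header comment is also warranted: the Referer header is entirely client-controlled, and check_url() only HTML-escapes it, it does not validate scheme or host, so the escaped value must not be treated as a trusted redirect target by whatever later reads it.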
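Review bot: request_uri() now returns HTML-escaped text (check_url() runs htmlspecialchars() and rewrites parentheses), but nothing at the return site says so and the name reads as a raw URI; a caller that puts it in a Location header or compares it against an unescaped path will see `&amp;` and `&040;` sequences. Add a comment above the return, such as `// HTML-escaped via check_url(); not a raw URI - do not use it in headers or redirects.`. The function's signature and the PHP_SELF/QUERY_STRING assembly start outside this hunk; since PHP_SELF can carry client-supplied path info, the escaping here is load-bearing for any HTML output of the result.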
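Review bot: When no Referer header is present referer_uri() returns nothing, `strstr(null, request_uri())` is false, and the negated test then overwrites `$_SESSION["referer"]` with an empty value, discarding whatever was saved on an earlier request; referer_uri() is also evaluated twice for the same header. Call it once and skip the save when it is empty: `$referer = referer_uri();` / `if ($referer && !strstr($referer, request_uri())) {` / `$_SESSION["referer"] = $referer;`. Note that the stored value is the HTML-escaped form, so if referer_load() later hands it to a redirect (not visible here) it will carry entities, and the substring test does nothing to restrict the referer to this site.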
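Review bot: The replacements in check_url() emit `&040;` and `&041;`, which are not numeric character references (those require the `#`, as in `&#40;`/`&#41;`), so browsers display them literally and any URL containing parentheses is corrupted rather than encoded; use `"(" => "&#40;", ")" => "&#41;"`. The comments also overstate what the function provides: htmlspecialchars() makes the string safe to place in an HTML text or attribute context, but it rejects no scheme, so a `javascript:` referer survives intact. Add a header comment stating that check_url() is an HTML-context escaper, not a URL validator, and must not be used to sanitise values bound for Location headers or redirects.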