-rw-r--r--includes/common.inc6
-rw-r--r--modules/user.module2
-rw-r--r--modules/user/user.module2
3 files changed, 8 insertions, 2 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 234309459..1e4c249a7 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -414,6 +414,12 @@ function search_type($type = 0, $action = 0, $query = 0, $options = 0) {
function drupal_goto($url) {
/*
+ ** Check the URL to prevent XSS attacks:
+ */
+
+ $url = check_url($url);
+
+ /*
** Translate & to simply &
*/
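Review bot: The added comment names XSS, but drupal_goto() is a redirect sink, so the new `$url = check_url($url);` line mainly has to guarantee that no CR/LF or other header-breaking character reaches the redirect target. check_url() is defined outside this diff, so that property should be confirmed rather than assumed. I would word the comment for the sink, e.g. `** Sanitize the redirect target; $url may be request-supplied (e.g. the login "destination" field).` The ampersand translation that follows runs after the check, so it is worth verifying that it does not partly reverse whatever encoding check_url() applies. The body of drupal_goto() continues past the end of the hunk.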
diff --git a/modules/user.module b/modules/user.module
index a580a32b8..4af5b703d 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -622,7 +622,7 @@ function user_login($edit = array(), $msg = "") {
** Redirect the user to the page he logged on from.
*/
- drupal_goto(check_url($edit["destination"]));
+ drupal_goto($edit["destination"]);
}
else {
if (!$error) {
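Review bot: `$edit["destination"]` appears to be request-supplied and now reaches drupal_goto() with no check at the call site, so the redirect's safety rests entirely on the check_url() call added in includes/common.inc. The same applies to the identical hunk in modules/user/user.module. Nothing visible restricts the destination to a path on this site, so unless check_url() rejects absolute URLs the login form may work as an open redirect; a same-site check before the call would close that gap. A short comment at the call, e.g. `/* drupal_goto() runs check_url() on its argument */`, would stop a later reader from assuming the value was validated here. user_login() starts and ends outside the hunk.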
diff --git a/modules/user/user.module b/modules/user/user.module
index a580a32b8..4af5b703d 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -622,7 +622,7 @@ function user_login($edit = array(), $msg = "") {
** Redirect the user to the page he logged on from.
*/
- drupal_goto(check_url($edit["destination"]));
+ drupal_goto($edit["destination"]);
}
else {
if (!$error) {