Diffstat (limited to 'includes/common.inc')
-rw-r--r--includes/common.inc3
1 files changed, 2 insertions, 1 deletions
diff --git a/includes/common.inc b/includes/common.inc
index a170ee1bb..0cac24553 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -659,7 +659,8 @@ function drupal_encode_path($path) {
*/
function drupal_goto($path = '', array $options = array(), $http_response_code = 302) {
// A destination in $_GET always overrides the function arguments.
- if (isset($_GET['destination'])) {
+ // We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector.
+ if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
$destination = drupal_parse_url($_GET['destination']);
$path = $destination['path'];
$options['query'] = $destination['query'];
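Review bot: The new guard on the `if` line relies entirely on `url_is_external()` deciding what counts as an absolute URL, but whether that helper also treats scheme-relative values (`//host/path`) as external is not visible in this hunk; browsers resolve those as absolute, so if the helper only checks for a `scheme://` prefix the redirect is still not confined to the local site, and that should be confirmed against its definition. The comment could name the risk rather than "an attack vector", e.g. `// Ignore an external destination in $_GET: honouring it would turn drupal_goto() into an open redirect.`. When the destination is rejected the code silently falls back to the function arguments, which is a reasonable fail-safe but worth stating in that comment so a maintainer does not mistake the silent drop for a bug. The body of drupal_goto() continues past the end of this hunk.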