Diffstat (limited to 'includes')
-rw-r--r--includes/common.inc47
1 files changed, 30 insertions, 17 deletions
diff --git a/includes/common.inc b/includes/common.inc
index 30ba8d7b9..963187096 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -97,6 +97,15 @@ function object2array($node) {
return $array;
}
+function referer_uri() {
+
+ if (isset($_SERVER["HTTP_REFERER"])) {
+ $uri = $_SERVER["HTTP_REFERER"];
+
+ return check_url($uri);
+ }
+}
+
function request_uri() {
/*
** Since request_uri() is only available on Apache, we generate
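Review bot: referer_uri() falls off the end without a return when HTTP_REFERER is absent, so callers receive null implicitly; referer_save() in this same commit passes that value straight into strstr(). Make the missing-header path explicit with `return '';` after the if block (or `return null;` if callers are meant to distinguish absence), and state the contract in a header comment: `// Returns the HTTP Referer header, HTML-escaped by check_url(); empty string when the header is absent.` The header is client-supplied and check_url() only escapes it for HTML output, so the result is fit for display but presumably not for use as a redirect target without further validation; confirm how referer_load() consumes it. request_uri(), which begins at the end of this hunk, continues outside it.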
@@ -110,21 +119,7 @@ function request_uri() {
$uri = $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
}
- /*
- ** We pipe the request URI through htmlspecialchars() to prevent
- ** XSS attacks.
- */
-
- $uri = htmlspecialchars($uri, ENT_QUOTES);
-
- /*
- ** We replace ( and ) with their entity equivalents to prevent XSS
- ** attacks.
- */
-
- $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));
-
- return $uri;
+ return check_url($uri);
}
function message_access() {
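Review bot: The header comment of request_uri() (the function begins in the previous hunk) no longer explains that the returned value is entity-encoded, since the inline comments describing the escaping leave with the removed lines and the `return check_url($uri);` line gives no hint on its own. Add to the function's header comment something like `** The result is passed through check_url(), so it is already HTML-escaped; callers must not escape it again and must not treat it as a raw URL.` Note that referer_save() compares this escaped form against the equally escaped referer_uri() with strstr(), so both sides of that comparison go through the same encoding.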
@@ -457,8 +452,8 @@ function drupal_goto($url) {
*/
function referer_save() {
- if (!strstr($_SERVER["HTTP_REFERER"], request_uri())) {
- $_SESSION["referer"] = $_SERVER["HTTP_REFERER"];
+ if (!strstr(referer_uri(), request_uri())) {
+ $_SESSION["referer"] = referer_uri();
}
}
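Review bot: referer_save() calls referer_uri() twice, and when the Referer header is absent the first call yields null, which strstr() coerces to an empty haystack (a deprecation in PHP 8.1+); the negated condition is then true and `$_SESSION["referer"]` is overwritten with null. Capture the value once and skip the empty case: `$referer = referer_uri();` / `if ($referer && !strstr($referer, request_uri())) {` / `$_SESSION["referer"] = $referer;`. That also avoids clobbering whatever the session slot already held on requests that carry no Referer.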
@@ -475,6 +470,24 @@ function referer_load() {
}
}
+function check_url($uri) {
+ /*
+ ** We pipe the request URI through htmlspecialchars() to prevent
+ ** XSS attacks.
+ */
+
+ $uri = htmlspecialchars($uri, ENT_QUOTES);
+
+ /*
+ ** We replace ( and ) with their entity equivalents to prevent XSS
+ ** attacks.
+ */
+
+ $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));
+
+ return $uri;
+}
+
function check_form($text) {
return drupal_specialchars($text);
}
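Review bot: The parenthesis replacement in check_url() writes `&040;` and `&041;`, which are not valid character references — a numeric reference needs the `#` (`&#40;`/`&#41;`), so browsers render the literal text and any URI containing parentheses is corrupted on display. Change the line to `$uri = strtr($uri, array("(" => "&#040;", ")" => "&#041;"));`. The function name suggests validation, so a header comment should set expectations: `** Escapes a URI for safe inclusion in HTML output. It does not validate the URI (scheme, host, path) and must not be relied on to make a redirect target safe.` The same lines existed in request_uri() before this commit, so the move carries a pre-existing defect along rather than introducing it.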