From 3e81a14a4908aca99874484159e25dd88b8d3ecb Mon Sep 17 00:00:00 2001
From: Angie Byron
Date: Thu, 30 Apr 2009 16:15:44 +0000
Subject: #449142 by pwolanin: SA-CORE-2009-005 #2.
---
 includes/bootstrap.inc | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'includes')
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index a486d0c03..127f31f6b 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -1085,6 +1085,8 @@ function request_uri() {
 $uri = $_SERVER['SCRIPT_NAME'];
 }
 }
+ // Prevent multiple slashes to avoid cross site requests via the Form API.
+ $uri = '/' . ltrim($uri, '/');
 return $uri;
 }
-- 
cgit v1.2.3
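Review bot: The added comment says "multiple slashes", but `ltrim($uri, '/')` collapses only the leading run, and the comment does not say why that run matters: a value beginning with `//` is a network-path reference, so a form action built from it would submit to another host. I would word it as `// Collapse leading slashes so the URI cannot be read as a protocol-relative URL (//host/path) when used as a form action.` The normalisation covers the forward slash only; whether a leading backslash can reach this point unencoded depends on the server and client, and is worth confirming. The diffstat shows only includes/bootstrap.inc changed, so a regression test asserting that request_uri() never returns a value starting with `//` would be a useful follow-up. The body of request_uri() starts outside the hunk, so the branches that populate `$uri` are not visible here.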