Commit 1f336220 authored by roball's avatar roball Committed by drumm

Issue #2507821 by roball: Security fix for 6.x-3.x

parent 34335e11
CCK 6.x-3.x
===========
CCK 6.x-3.0-alpha4
==================
- Security: Open Redirect - SA-CONTRIB-2015-126
- #1401950 by KarenS, Add empty test module with dependency on schema to make schema available to testbot.
- #1363036 by markdorison, Fix Class 'ContentCrudTestCase' not found message in tests.
- #1097548 by DeFr: Fixed warning on node forms for multigroups without any required fields.
......
......@@ -1345,9 +1345,12 @@ function content_field_edit_form_submit($form, &$form_state) {
$form_values = $form_state['values'];
content_field_instance_update($form_values);
if (isset($_REQUEST['destinations'])) {
$destinations = !empty($_REQUEST['destinations']) ? $_REQUEST['destinations'] : array();
// Remove any external URLs.
$destinations = array_diff($destinations, array_filter($destinations, 'menu_path_is_external'));
if ($destinations) {
drupal_set_message(t('Added field %label.', array('%label' => $form_values['label'])));
$form_state['redirect'] = content_get_destinations($_REQUEST['destinations']);
$form_state['redirect'] = content_get_destinations($destinations);
}
else {
drupal_set_message(t('Saved field %label.', array('%label' => $form_values['label'])));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment