Commit 70d79242 authored by drumm's avatar drumm

Merge tag '6.x-2.10' into 6.x-2.x

parents ab31076e cc1a32f2
......@@ -11,6 +11,11 @@ Bugfixes:
- #1442886 by pdrake: Fixed fatal error "failed opening theme.inc" in some edge
cases.
CCK 6.x-2.10
============
Security: Open Redirect - SA-CONTRIB-2015-126
CCK 6.x-2.9
===========
......
......@@ -1330,9 +1330,12 @@ function content_field_edit_form_submit($form, &$form_state) {
$form_values = $form_state['values'];
content_field_instance_update($form_values);
if (isset($_REQUEST['destinations'])) {
$destinations = !empty($_REQUEST['destinations']) ? $_REQUEST['destinations'] : array();
// Remove any external URLs.
$destinations = array_diff($destinations, array_filter($destinations, 'menu_path_is_external'));
if ($destinations) {
drupal_set_message(t('Added field %label.', array('%label' => $form_values['label'])));
$form_state['redirect'] = content_get_destinations($_REQUEST['destinations']);
$form_state['redirect'] = content_get_destinations($destinations);
}
else {
drupal_set_message(t('Saved field %label.', array('%label' => $form_values['label'])));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment