Commit cc1a32f2 authored by drumm's avatar drumm

6.x-2.10 release

parent fa41f80f
//$Id$ //$Id$
CCK 6.x-2.10
============
Security: Open Redirect - SA-CONTRIB-2015-126
CCK 6.x-2.9 CCK 6.x-2.9
=========== ===========
......
...@@ -1331,9 +1331,12 @@ function content_field_edit_form_submit($form, &$form_state) { ...@@ -1331,9 +1331,12 @@ function content_field_edit_form_submit($form, &$form_state) {
$form_values = $form_state['values']; $form_values = $form_state['values'];
content_field_instance_update($form_values); content_field_instance_update($form_values);
if (isset($_REQUEST['destinations'])) { $destinations = !empty($_REQUEST['destinations']) ? $_REQUEST['destinations'] : array();
// Remove any external URLs.
$destinations = array_diff($destinations, array_filter($destinations, 'menu_path_is_external'));
if ($destinations) {
drupal_set_message(t('Added field %label.', array('%label' => $form_values['label']))); drupal_set_message(t('Added field %label.', array('%label' => $form_values['label'])));
$form_state['redirect'] = content_get_destinations($_REQUEST['destinations']); $form_state['redirect'] = content_get_destinations($destinations);
} }
else { else {
drupal_set_message(t('Saved field %label.', array('%label' => $form_values['label']))); drupal_set_message(t('Saved field %label.', array('%label' => $form_values['label'])));
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment