Commit aac412f0 authored by catch's avatar catch Committed by dsnopek

Issue #2965601 by dsnopek, catch: [core] Add D6LTS patch for SA-CORE-2018-004...

Issue #2965601 by dsnopek, catch: [core] Add D6LTS patch for SA-CORE-2018-004 (fix redundant variable_get)
parent 4b5e3931
......@@ -13,7 +13,7 @@ index 5654dde..72343aa 100644
// If there's still something in $_REQUEST['destination'] that didn't
// come from $_GET, check it too.
if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && menu_path_is_external($_REQUEST['destination'])) {
@@ -1660,3 +1664,92 @@ function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
@@ -1660,3 +1664,90 @@ function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
return $sanitized_keys;
}
......@@ -29,8 +29,6 @@ index 5654dde..72343aa 100644
+function _drupal_bootstrap_clean_destination() {
+ $dangerous_keys = array();
+
+ $log_sanitized_keys = variable_get('sanitize_input_logging', FALSE);
+
+ $parts = _drupal_parse_url($_GET['destination']);
+ if (!empty($parts['query'])) {
+ $whitelist = variable_get('sanitize_input_whitelist', array());
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment