From 00e99a41cbbfc54c713205ac30eb65d3b62f1723 Mon Sep 17 00:00:00 2001
From: webchick <webchick@24967.no-reply.drupal.org>
Date: Sat, 5 May 2012 10:01:11 -0700
Subject: [PATCH] Issue #1558464 by Berdir, chx, fago, greggles: Fixed
 SA-CORE-2012-002 - Unvalidated form redirect.

---
 core/modules/user/user.module | 2 +-
 core/modules/user/user.test   | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 0589862ca83e..836f101b1905 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -1025,7 +1025,7 @@ function user_account_form_validate($form, &$form_state) {
 }
 
 function user_login_block($form) {
-  $form['#action'] = url(current_path(), array('query' => drupal_get_destination()));
+  $form['#action'] = url(current_path(), array('query' => drupal_get_destination(), 'external' => FALSE));
   $form['#id'] = 'user-login-form';
   $form['#validate'] = user_login_default_validators();
   $form['#submit'][] = 'user_login_submit';
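Review bot: The `'external' => FALSE` added on the `$form['#action']` line is the entire fix for SA-CORE-2012-002, yet nothing in the code says why it is there, so a later cleanup could drop it as a redundant default. Add a comment above the assignment: `// Force the current path to be treated as internal; otherwise a request path that looks like an absolute URL would let url() emit an off-site form action and the login credentials would be posted to a third party (see the user.test case for http://example.com/).` The exact auto-detection behaviour of url() without this option is inferred from the accompanying test rather than visible here, so word it as the test demonstrates. The rest of user_login_block continues past the hunk, so whether any other code builds a login form action the same way cannot be checked from this view.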
diff --git a/core/modules/user/user.test b/core/modules/user/user.test
index c911088d8de1..a4ebdd8882f3 100644
--- a/core/modules/user/user.test
+++ b/core/modules/user/user.test
@@ -1616,6 +1616,13 @@ class UserBlocksUnitTests extends DrupalWebTestCase {
     $this->drupalPost('filter/tips', $edit, t('Log in'));
     $this->assertNoText(t('User login'), t('Logged in.'));
     $this->assertPattern('!<title.*?' . t('Compose tips') . '.*?</title>!', t('Still on the same page after login for allowed page'));
+
+    // Check that the user login block is not vulnerable to information
+    // disclosure to third party sites.
+    $this->drupalLogout();
+    $this->drupalPost('http://example.com/', $edit, t('Log in'), array('external' => FALSE));
+    // Check that we remain on the site after login.
+    $this->assertEqual(url('user/' . $user->uid, array('absolute' => TRUE)), $this->getUrl(), t('Redirected to user profile page after login from the frontpage'));
   }
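Review bot: The assertion message on the `assertEqual` line says the login came "from the frontpage", but the `drupalPost` two lines above targets `http://example.com/`, so a failing run would describe the wrong scenario; change it to `t('Redirected to user profile page after login from an external-looking path')`. The test also only checks the final URL after submission, so it would be more diagnostic if it first fetched the page with the same `'external' => FALSE` option and asserted that the rendered login block's `action` attribute does not point at example.com, which pins the rendered form rather than just the redirect. `$edit` and `$user` are defined earlier in the test method, which starts outside the hunk.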
 
   /**
-- 
GitLab