Commit 905ff00a authored by xjm's avatar xjm

SA-CORE-2020-003 by vortfu, mcdruid, Fabianx, dsnopek

parent 3fbd514f
......@@ -684,7 +684,10 @@ function drupal_goto($path = '', array $options = array(), $http_response_code =
// We do not allow absolute URLs to be passed via $_GET, as this can be an attack vector.
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
$destination = drupal_parse_url($_GET['destination']);
$path = $destination['path'];
// Double check the path derived by drupal_parse_url() is not external.
if (!url_is_external($destination['path'])) {
$path = $destination['path'];
}
$options['query'] = $destination['query'];
$options['fragment'] = $destination['fragment'];
}
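Review bot: When the re-check on the parsed path fails, `$options['query']` and `$options['fragment']` are still overwritten from the rejected destination, because those two assignments sit after the inner `if` rather than inside it. The redirect then goes to the caller's `$path` but carries request-supplied query and fragment values from a destination that was just judged external. Moving both assignments inside the `if (!url_is_external($destination['path']))` block would discard a rejected destination as a whole. The new comment could also say why the second check exists, for example `// drupal_parse_url() may return a path that differs from the raw string checked above, so validate the value that is actually used.` The body of drupal_goto() starts and ends outside this hunk, and the +/- markers are lost on this page, so this reading assumes the inner check is the added code.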
......