Commit 22a9cd39 authored by pkiraly's avatar pkiraly

Issue #148568: fixing the Open Redirect issues in D6.

parent 5a8da6eb
......@@ -2418,10 +2418,14 @@ function xc_auth_logout_page($auth_type = NULL) {
// Log out
user_logout();
// Redirect
isset($_GET['destination'])
? drupal_goto($_GET['destination'])
: drupal_goto();
$destination = '';
if (isset($_GET['destination'])) && !menu_path_is_external($_GET['destination'])) {
$destination = $_GET['destination'];
}
drupal_goto($destination);
}
/**
......
......@@ -3742,7 +3742,12 @@ function xc_ncip_provider_renew_item_page($ncip_provider, $user_id, $item_id,
else {
drupal_set_message(t('Item renewed'));
}
drupal_goto($_GET['destination'] ? $_GET['destination'] : '');
$destination = '';
if (isset($_GET['destination'])) && !menu_path_is_external($_GET['destination'])) {
$destination = $_GET['destination'];
}
drupal_goto($destination);
}
/**
......
......@@ -1296,4 +1296,4 @@ function xc_util_get_global_options($name = NULL) {
}
return FALSE;
}
\ No newline at end of file
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment