authorroball2015-06-25 01:16:51 (GMT)
committerNeil Drumm2015-06-25 01:16:51 (GMT)
commit1f336220e1130b470a26ba3474ea20cb577ed78c (patch)
tree91ce6c9828da887a93c476befca31747835ab331
parent34335e1197016a3d345d0bbf38a79ec419ab4f55 (diff)
Issue #2507821 by roball: Security fix for 6.x-3.x6.x-3.0-alpha46.x-3.x
-rw-r--r--CHANGELOG.txt5
-rw-r--r--includes/content.admin.inc7
2 files changed, 8 insertions, 4 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 8029699..b4285ef 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,6 +1,7 @@
-CCK 6.x-3.x
-===========
+CCK 6.x-3.0-alpha4
+==================
+- Security: Open Redirect - SA-CONTRIB-2015-126
- #1401950 by KarenS, Add empty test module with dependency on schema to make schema available to testbot.
- #1363036 by markdorison, Fix Class 'ContentCrudTestCase' not found message in tests.
- #1097548 by DeFr: Fixed warning on node forms for multigroups without any required fields.
diff --git a/includes/content.admin.inc b/includes/content.admin.inc
index d41e93c..e22c744 100644
--- a/includes/content.admin.inc
+++ b/includes/content.admin.inc
@@ -1345,9 +1345,12 @@ function content_field_edit_form_submit($form, &$form_state) {
$form_values = $form_state['values'];
content_field_instance_update($form_values);
- if (isset($_REQUEST['destinations'])) {
+ $destinations = !empty($_REQUEST['destinations']) ? $_REQUEST['destinations'] : array();
+ // Remove any external URLs.
+ $destinations = array_diff($destinations, array_filter($destinations, 'menu_path_is_external'));
+ if ($destinations) {
drupal_set_message(t('Added field %label.', array('%label' => $form_values['label'])));
- $form_state['redirect'] = content_get_destinations($_REQUEST['destinations']);
+ $form_state['redirect'] = content_get_destinations($destinations);
}
else {
drupal_set_message(t('Saved field %label.', array('%label' => $form_values['label'])));