summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--common/core/SA-CORE-2018-004.patch4
1 files changed, 1 insertions, 3 deletions
diff --git a/common/core/SA-CORE-2018-004.patch b/common/core/SA-CORE-2018-004.patch
index 3ac0bea..0e57d8b 100644
--- a/common/core/SA-CORE-2018-004.patch
+++ b/common/core/SA-CORE-2018-004.patch
@@ -13,7 +13,7 @@ index 5654dde..72343aa 100644
// If there's still something in $_REQUEST['destination'] that didn't
// come from $_GET, check it too.
if (isset($_REQUEST['destination']) && (!isset($_GET['destination']) || $_REQUEST['destination'] != $_GET['destination']) && menu_path_is_external($_REQUEST['destination'])) {
-@@ -1660,3 +1664,92 @@ function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
+@@ -1660,3 +1664,90 @@ function _drupal_bootstrap_sanitize_input(&$input, $whitelist = array()) {
return $sanitized_keys;
}
@@ -29,8 +29,6 @@ index 5654dde..72343aa 100644
+function _drupal_bootstrap_clean_destination() {
+ $dangerous_keys = array();
+
-+ $log_sanitized_keys = variable_get('sanitize_input_logging', FALSE);
-+
+ $parts = _drupal_parse_url($_GET['destination']);
+ if (!empty($parts['query'])) {
+ $whitelist = variable_get('sanitize_input_whitelist', array());