-rw-r--r--securelogin.module3
1 files changed, 2 insertions, 1 deletions
diff --git a/securelogin.module b/securelogin.module
index d56dbdb..d179fe8 100644
--- a/securelogin.module
+++ b/securelogin.module
@@ -71,7 +71,8 @@ function securelogin_secure_redirect() {
// POST requests are not redirected, to prevent unintentional redirects which
// result in lost POST data. HTTPS requests are also not redirected.
if (!$is_https && $_SERVER['REQUEST_METHOD'] != 'POST') {
- $options = array('query' => drupal_get_query_parameters(), 'https' => TRUE);
+ // Do not permit redirecting to an external URL.
+ $options = array('query' => drupal_get_query_parameters(), 'https' => TRUE, 'external' => FALSE);
// Ignore the destination for this redirect (it was preserved in the query).
unset($_GET['destination']);
drupal_goto($_GET['q'], $options, 301);
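Review bot: The new comment above the `$options` line says what the flag does but not why it is needed, which makes the `'external' => FALSE` entry easy to drop in a later cleanup. `$_GET['q']` comes from the request, and when `'external'` is unset `url()` decides it by inspecting the path, so this flag is what keeps the 301 target on the site itself; I would word the comment as `// $_GET['q'] is request-supplied: force 'external' => FALSE so url() always treats it as an internal path.` The diffstat shows only securelogin.module changed, so a regression test asserting that the Location header stays on the site's own host when `q` is shaped like an absolute URL would be worth adding. securelogin_secure_redirect() starts and ends outside this hunk, so whether `q` is normalised earlier cannot be seen from here.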