Commit ce2d04eb authored by pere-orga's avatar pere-orga Committed by Yonas Yanfa

Check for external URLs in the HTTP GET destination parameter when redirecting...

Check for external URLs in the HTTP GET destination parameter when redirecting users that are activating/deactivating the Context UI inline editor dialog.
parent e5aae411
......@@ -387,8 +387,10 @@ function context_ui_menu_contextual_links_alter(&$links, $router_item, $root_pat
* A page call back to activate the context_ui inline editor dialog.
*/
function context_ui_activate() {
$_SESSION['context_ui_active'] = $_GET['destination'];
drupal_goto($_GET['destination']);
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
$_SESSION['context_ui_active'] = $_GET['destination'];
drupal_goto($_GET['destination']);
}
}
/**
......@@ -398,8 +400,10 @@ function context_ui_activate() {
* to navigate to when deactivating context_ui_editor
*/
function context_ui_deactivate() {
$_SESSION['context_ui_active'] = FALSE;
drupal_goto($_GET['destination']);
if (isset($_GET['destination']) && !url_is_external($_GET['destination'])) {
$_SESSION['context_ui_active'] = FALSE;
drupal_goto($_GET['destination']);
}
}
/**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment