--- a/cms/drupal/includes/common.inc Mon Mar 19 15:45:08 2018 +0100
+++ b/cms/drupal/includes/common.inc Mon Mar 19 16:00:44 2018 +0100
@@ -2236,8 +2236,11 @@
'prefix' => ''
);
+ // Determine whether this is an external link, but ensure that the current
+ // path is always treated as internal by default (to prevent external link
+ // injection vulnerabilities).
if (!isset($options['external'])) {
- $options['external'] = url_is_external($path);
+ $options['external'] = $path === $_GET['q'] ? FALSE : url_is_external($path);
}
// Preserve the original path before altering or aliasing.
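Review bot: The new ternary on the `$options['external']` assignment reads `$_GET['q']` without checking that it is set, so if this code can run before the request path is initialised (early bootstrap or a command-line call, neither of which is visible here) it raises an undefined-index notice. `$options['external'] = isset($_GET['q']) && $path === $_GET['q'] ? FALSE : url_is_external($path);` keeps the same result and avoids the notice. The guard is also an exact, strict match against the current path only, and it is skipped whenever a caller passes `external` explicitly, so the comment should state that limit, e.g. `// Other paths, and callers that set 'external' themselves, are not covered by this check.` The enclosing function starts and ends outside the hunk.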