- Added a function check_url() that CSS checks URLs (or parts thereof).

2003-06-06 21:08:35 +00:00 · 2003-06-06 21:08:35 +00:00 · 17cd7c497d
parent 8f783f69dd
commit 17cd7c497d
1 changed files with 30 additions and 17 deletions
--- a/includes/common.inc
+++ b/includes/common.inc
@ -97,6 +97,15 @@ function object2array($node) {
  return $array;
 }

+function referer_uri() {
+
+  if (isset($_SERVER["HTTP_REFERER"])) {
+    $uri = $_SERVER["HTTP_REFERER"];
+
+    return check_url($uri);
+  }
+}
+
 function request_uri() {
  /*
  ** Since request_uri() is only available on Apache, we generate
@ -110,21 +119,7 @@ function request_uri() {
    $uri = $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
  }

-  /*
-  ** We pipe the request URI through htmlspecialchars() to prevent
-  ** XSS attacks.
-  */
-
-  $uri = htmlspecialchars($uri, ENT_QUOTES);
-
-  /*
-  ** We replace ( and ) with their entity equivalents to prevent XSS
-  ** attacks.
-  */
-
-  $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));
-
-  return $uri;
+  return check_url($uri);
 }

 function message_access() {
@ -457,8 +452,8 @@ function drupal_goto($url) {
 */

 function referer_save() {
-  if (!strstr($_SERVER["HTTP_REFERER"], request_uri())) {
-    $_SESSION["referer"] = $_SERVER["HTTP_REFERER"];
+  if (!strstr(referer_uri(), request_uri())) {
+    $_SESSION["referer"] = referer_uri();
  }
 }

@ -475,6 +470,24 @@ function referer_load() {
  }
 }

+function check_url($uri) {
+  /*
+  ** We pipe the request URI through htmlspecialchars() to prevent
+  ** XSS attacks.
+  */
+
+  $uri = htmlspecialchars($uri, ENT_QUOTES);
+
+  /*
+  ** We replace ( and ) with their entity equivalents to prevent XSS
+  ** attacks.
+  */
+
+  $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));
+
+  return $uri;
+}
+
 function check_form($text) {
  return drupal_specialchars($text);
 }