- Added a function check_url() that CSS checks URLs (or parts thereof).

2003-06-06 21:08:35 +00:00 · 2003-06-06 21:08:35 +00:00 · 17cd7c497d
parent 8f783f69dd
commit 17cd7c497d
1 changed files with 30 additions and 17 deletions
--- a/includes/common.inc
+++ b/includes/common.inc
@ -97,6 +97,15 @@ function object2array($node) {
  return $array;
 }
 function referer_uri() {
  if (isset($_SERVER["HTTP_REFERER"])) {
    $uri = $_SERVER["HTTP_REFERER"];
    return check_url($uri);
  }
 }
 function request_uri() {
  /*
  ** Since request_uri() is only available on Apache, we generate
@ -110,21 +119,7 @@ function request_uri() {
    $uri = $_SERVER["PHP_SELF"] ."?". $_SERVER["QUERY_STRING"];
  }
-  /*
+  return check_url($uri);
  ** We pipe the request URI through htmlspecialchars() to prevent
  ** XSS attacks.
  */
  $uri = htmlspecialchars($uri, ENT_QUOTES);
  /*
  ** We replace ( and ) with their entity equivalents to prevent XSS
  ** attacks.
  */
  $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));
  return $uri;
 }
 function message_access() {
@ -457,8 +452,8 @@ function drupal_goto($url) {
 */
 function referer_save() {
-  if (!strstr($_SERVER["HTTP_REFERER"], request_uri())) {
+  if (!strstr(referer_uri(), request_uri())) {
-    $_SESSION["referer"] = $_SERVER["HTTP_REFERER"];
+    $_SESSION["referer"] = referer_uri();
  }
 }
@ -475,6 +470,24 @@ function referer_load() {
  }
 }
 function check_url($uri) {
  /*
  ** We pipe the request URI through htmlspecialchars() to prevent
  ** XSS attacks.
  */
  $uri = htmlspecialchars($uri, ENT_QUOTES);
  /*
  ** We replace ( and ) with their entity equivalents to prevent XSS
  ** attacks.
  */
  $uri = strtr($uri, array("(" => "&040;", ")" => "&041;"));
  return $uri;
 }
 function check_form($text) {
  return drupal_specialchars($text);
 }