If you write a login link like user/login?destination=node/82 and use login overloading, the link is rewritten incorrectly --> user/login/thickbox?height=230&width=250&?destination=node/98

Drupal now translates the ? into %3F in the XSS protection layer.

This patch should fix it.

http://lug.wsu.edu/~ben/drupal_fix_thickbox_jquery_regex.patch

Comments

frjo’s picture

Assigned: Unassigned » frjo
Status: Active » Fixed

Committed to 6-dev with some modifications. Please check so it's still working for your use case. Thanks for the patch!

binford2k’s picture

Status: Fixed » Active

Actually, back it out. I misunderstood something about the l() function. thickbox was behaving appropriately.

My apologies.

frjo’s picture

Status: Active » Closed (fixed)