Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.If you have the module enabled and go to http://mysite.com/index.php?q=http://google.com you will immediately be redirected to google. (you can swap google for any full url.)
Code causing the issue:
// Now that the language is detected, do an absolute redirect to avoid page
// caching in the wrong language.
$url = url($_GET['q'], array('language' => $language, 'absolute' => TRUE, 'external' => FALSE, 'query' => drupal_query_string_encode($_GET, array('q'))));
drupal_goto($url, NULL, NULL, 301);
I hardcoded the external option to false. The problem was that url was auto-detecting the q parameter as an external website, and creating the url accordingly. That was being passed to drupal_goto() and causing the arbitrary redirect,
| Comment | File | Size | Author |
|---|---|---|---|
| #1 | geopip-1210822.patch | 907 bytes | frankcarey |
Comments
Comment #1
frankcarey CreditAttribution: frankcarey commentedhere is the patch.
Comment #2
bojanz CreditAttribution: bojanz at Centarro commented