Patch to disable redirect to External URLs with GlobalRedirect Module
Submitted by enzo on Wed, 12/01/2010 - 14:29
Hello folks
A customer requested to remove an apparently security issue, caused by Global Redirect in the way it handles the request to translate node/xx to the human URL inside Drupal.
Well this treatment generates a problem with requests like this http://www.domain.com/?q=http://domain2.com, redirecting the customer to http://domain.com website.
To avoid this behavior I did a little patch for the module file to disable this option and return a page not found.
Please consider enabling this option for the next release or enable it as configuration value.
You can follow the issue request to include in next release here
Regards,
enzo
| Attachment | Size |
|---|---|
 globalredirect-disable-external-url.patch | 655 bytes |
