Heine

  • home
  • drupal
  • drupal core commits
  • about
Home › Drupal Core Commits

Commit 339686 by webchick

#587706 follow-up by plach: trim GET['q'] centrally in request_path() so subsequent places don't have to do it.

--- <a href="http://drupalcode.org/viewvc/drupal/drupal/includes/bootstrap.inc" title="http://drupalcode.org/viewvc/drupal/drupal/includes/bootstrap.inc" rel="nofollow">http://drupalcode.org/viewvc/drupal/drupal/includes/bootstrap.inc</a>  2010/03/07 07:44:18     1.359
+++ <a href="http://drupalcode.org/viewvc/drupal/drupal/includes/bootstrap.inc" title="http://drupalcode.org/viewvc/drupal/drupal/includes/bootstrap.inc" rel="nofollow">http://drupalcode.org/viewvc/drupal/drupal/includes/bootstrap.inc</a>  2010/03/10 19:36:14     1.360
@@ -2188,6 +2188,11 @@
     $path = '';
   }
 
+  // Under certain conditions Apache's RewriteRule directive prepends the value
+  // assigned to $_GET['q'] with a slash. Moreover we can always have a trailing
+  // slash in place, hence we need to normalize $_GET['q'].
+  $path = trim($path, '/');
+
   return $path;
 }
 

--- <a href="http://drupalcode.org/viewvc/drupal/drupal/includes/language.inc" title="http://drupalcode.org/viewvc/drupal/drupal/includes/language.inc" rel="nofollow">http://drupalcode.org/viewvc/drupal/drupal/includes/language.inc</a>     2010/03/07 07:44:18     1.28
+++ <a href="http://drupalcode.org/viewvc/drupal/drupal/includes/language.inc" title="http://drupalcode.org/viewvc/drupal/drupal/includes/language.inc" rel="nofollow">http://drupalcode.org/viewvc/drupal/drupal/includes/language.inc</a>     2010/03/10 19:36:14     1.29
@@ -359,7 +359,7 @@
  *    - The path without the prefix on success, the given path otherwise.
  */
 function language_url_split_prefix($path, $languages) {
-  $args = empty($path) ? array() : explode('/', trim($path, '/'));
+  $args = empty($path) ? array() : explode('/', $path);
   $prefix = array_shift($args);
 
   // Search prefix within enabled languages.

--- <a href="http://drupalcode.org/viewvc/drupal/drupal/includes/path.inc" title="http://drupalcode.org/viewvc/drupal/drupal/includes/path.inc" rel="nofollow">http://drupalcode.org/viewvc/drupal/drupal/includes/path.inc</a> 2010/03/07 07:44:18     1.59
+++ <a href="http://drupalcode.org/viewvc/drupal/drupal/includes/path.inc" title="http://drupalcode.org/viewvc/drupal/drupal/includes/path.inc" rel="nofollow">http://drupalcode.org/viewvc/drupal/drupal/includes/path.inc</a> 2010/03/10 19:36:14     1.60
@@ -15,7 +15,7 @@
  */
 function drupal_path_initialize() {
   if (!empty($_GET['q'])) {
-    $_GET['q'] = drupal_get_normal_path(trim($_GET['q'], '/'));
+    $_GET['q'] = drupal_get_normal_path($_GET['q']);
   }
   else {
     $_GET['q'] = drupal_get_normal_path(variable_get('site_frontpage', 'node'));

No votes yet
  • Drupal Core
  • Download patch

Recent posts

  • Planet Drupal past and current
  • Help! - Cannot access a global variable.
  • Why is my module's update hook not listed on update.php's selection form?
  • How do I add a class to a link generated with l()
  • ZeroDayScan - Full path disclosure bug in Drupal 6.16 (0day)
more

Security reviews

  • Afraid custom code makes your site vulnerable?
  • You don't really trust that module you just downloaded from Drupal.org?

Sleep better after a security review.

Tags

Captcha CSRF Drupal embed Input Format modx OpenID Performance Planet Drupal rants Security Varnish
more tags
  • home
  • drupal
  • drupal core commits
  • about

Copyright © 2010 by Heine Deelstra. All rights reserved.