vcs.fsf.org Git - civicrm-core.git/commit

author	Chris Burgess <chris@giantrobot.co.nz>
	Mon, 13 Jul 2015 00:45:51 +0000 (12:45 +1200)
committer	eileenmcnaugton <eileen@fuzion.co.nz>
	Thu, 6 Aug 2015 01:15:45 +0000 (13:15 +1200)
commit	6ef7bd91a684e23c5d8c601b2a5060f0176a6d7b
tree	beedfe4b2174ac1abe753bcc4208c1399887199a	tree \| snapshot (zip tar.gz)
parent	2a44f0e5e86906f980d0219180cb41cd978f036f	commit \| diff

CRM-16832. Do not redirect offsite when fed invalid keys.

URLs to test:

* http://civicrm.dev/civicrm/contribute/transact?qfKey=xxx&entryURL=http://evil.example.com/ should go to CIVICRM_UF_BASEURL
* http://civicrm.dev/civicrm/contribute/transact?qfKey=xxx&entryURL=/civicrm/contribute/transact%3Fid%3D1 should go to /civicrm/contribute/transact?id=1
* http://civicrm.dev/civicrm/contribute/transact?qfKey=xxx&entryURL=http://civicrm.dev/civicrm/contribute/transact%3Fid%3D1 should go to /civicrm/contribute/transact?id=1

CRM/Core/Controller.php		diff \| blob \| blame \| history
tests/phpunit/WebTest/Utils/RedirectTest.php	[new file with mode: 0644]	blob