Drupal core and contributed modules frequently use a "destination" query string parameter in URLs to redirect users to a new destination after completing an action on the current page. Under certain circumstances, malicious users can use this parameter to construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks.
This vulnerability has been publicly documented.
RedirectResponseSubscriber event handler removal
As part of the fix, `\Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination` has been removed. Although this is a public function, it is not considered an API as per our API policy for event subscribers.
If you have extended that class or are calling that method, you should review your implementation in line with the changes in the patch. The existing function has been removed to prevent a false sense of security.
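As an added illustration of the property a sanitized destination must have (this is not Drupal's own code and does not reproduce the patch), the check below accepts only site-relative paths and rejects the forms a browser would treat as an absolute or protocol-relative URL. It assumes destinations are expressed as paths beginning with a single "/".

```python
from urllib.parse import urlsplit


def is_safe_destination(destination: str) -> bool:
    """Return True only if `destination` stays on the current site.

    Conservative by design: anything that is not a plain, site-relative
    path beginning with exactly one "/" is rejected, so an attacker-supplied
    value cannot send the user to a third-party host.
    """
    if not isinstance(destination, str) or destination == "":
        return False
    # Browsers ignore some control characters and leading/trailing
    # whitespace, so "\t//evil.example" would pass a naive prefix test.
    # Treat any such character as a reason to reject rather than to clean.
    cleaned = "".join(ch for ch in destination if ch.isprintable()).strip()
    if cleaned != destination:
        return False
    # Exactly one leading slash: "//host" is protocol-relative and external.
    if not cleaned.startswith("/") or cleaned.startswith("//"):
        return False
    # Browsers normalise "\" to "/", so "/\evil.example" is also external.
    if "\\" in cleaned:
        return False
    # Anything urlsplit parses as a scheme or host is not a local path.
    parts = urlsplit(cleaned)
    if parts.scheme or parts.netloc:
        return False
    return True


def choose_destination(destination: str, fallback: str = "/") -> str:
    """Return the requested destination if it is safe, else the fallback."""
    return destination if is_safe_destination(destination) else fallback


if __name__ == "__main__":
    # Constructed sample values for illustration only.
    for sample in ["/user/1", "/node?x=1#top", "//evil.example",
                   "/\\evil.example", "http://evil.example", "\t//evil.example"]:
        print(repr(sample), "->", choose_destination(sample))
```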