? drupal_goto-parse_url.patch
? modules/simpletest/tests/.common.test.swp
? sites/default/files
? sites/default/settings.php
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.831
diff -u -p -r1.831 common.inc
--- includes/common.inc	23 Nov 2008 16:54:47 -0000	1.831
+++ includes/common.inc	28 Nov 2008 11:54:59 -0000
@@ -326,7 +326,8 @@ function drupal_get_destination() {
 function drupal_goto($path = '', $query = NULL, $fragment = NULL, $http_response_code = 302) {
 
   if (isset($_REQUEST['destination'])) {
-    extract(parse_url(urldecode($_REQUEST['destination'])));
+    preg_match('/^([^?#]*)(?:\?([^#]*))?(?:#(.*))?$/', urldecode($_REQUEST['destination']), $matches);
+    list(, $path, $query, $fragment) = $matches + array_fill(0, 4, NULL);
   }
 
   $url = url($path, array('query' => $query, 'fragment' => $fragment, 'absolute' => TRUE));
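Review bot: The regex on the added `preg_match()` line puts everything before the first `?` or `#` into `$path`, so a `destination` that is an absolute `http://host/...` URL or a `//host/...` value reaches `url()` intact, whereas the removed `parse_url()` call appears to have split scheme and host into variables that were never used. Whether `url()` turns that into an off-site redirect is not visible in this hunk and should be checked; if it does, reset such values before the `url()` call, e.g. `if (preg_match('@^([a-z][a-z0-9+.-]*:)?//@i', $path)) { $path = ''; }`, which still lets the test's `foo:/:bar` through. The negated classes also match newlines while `.` in the fragment group does not, so a newline inside the fragment makes the whole match fail and all three values silently fall back to NULL; a one-line comment above the `list()` assignment should say that a non-matching destination redirects to the default path. The body of drupal_goto() continues outside the hunk.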
Index: modules/simpletest/tests/common.test
===================================================================
RCS file: /cvs/drupal/drupal/modules/simpletest/tests/common.test,v
retrieving revision 1.17
diff -u -p -r1.17 common.test
--- modules/simpletest/tests/common.test	26 Nov 2008 13:48:49 -0000	1.17
+++ modules/simpletest/tests/common.test	28 Nov 2008 11:54:59 -0000
@@ -200,6 +200,28 @@ class CascadingStylesheetsTestCase exten
 }
 
 /**
+ * Test drupal_goto().
+ */
+class DrupalGotoTestCase extends DrupalWebTestCase {
+  function getInfo() {
+    return array(
+      'name' => t('Drupal Goto'),
+      'description' => t("Performs tests on drupal_goto()."),
+      'group' => t('System')
+    );
+  }
+
+  function testDrupalGotoDestination() {
+    $user = $this->drupalCreateUser(array('access content', 'create page content'));
+    $this->drupalLogin($user);
+    $edit = array('title' => 'test');
+    // Set the destination to a path that would confuse parse_url().
+    $this->drupalPost('node/add/page', $edit, t('Save'), array('query' => array('destination' => 'foo:/:bar')));
+    $this->assertTrue(strpos($this->url, drupal_urlencode('foo:/:bar')) !== FALSE);
+  }
+}
+
+/**
  * Test drupal_http_request().
  */
 class DrupalHTTPRequestTestCase extends DrupalWebTestCase {
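Review bot: `testDrupalGotoDestination()` exercises only the single `foo:/:bar` value and asserts with a bare `strpos()` and no message, so the query and fragment branches of the new parsing, and the handling of a destination that names another host, are not pinned down. Add cases for a destination carrying `?query` and `#fragment` parts and for an absolute-URL destination, each asserting where the browser actually ends up. The existing assertion should carry a message, e.g. `$this->assertTrue(strpos($this->url, drupal_urlencode('foo:/:bar')) !== FALSE, t('Redirected to the requested destination.'));`.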
