7 common.inc drupal_get_destination()

Prepares a 'destination' URL query parameter for use with drupal_goto().

Used to direct the user back to the referring page after completing a form. By default the current URL is returned. If a destination exists in the previous request, that destination is returned. As such, a destination can persist across multiple pages.

Return value

An associative array containing the key:

  • destination: The path provided via the destination query string or, if not available, the current path.

See also

current_path()

drupal_goto()

Related topics

28 calls to drupal_get_destination()
  • comment_admin_overview in modules/comment/comment.admin.inc: Form builder for the comment overview administration form.
  • common_test_destination in modules/simpletest/tests/common_test.module: Print destination query parameter.
  • contextual_pre_render_links in modules/contextual/contextual.module: Build a renderable array for contextual links.
  • field_ui_field_overview_form_submit in modules/field_ui/field_ui.admin.inc: Form submission handler for field_ui_field_overview_form().
  • forum_menu_local_tasks_alter in modules/forum/forum.module: Implements hook_menu_local_tasks_alter().


File

includes/common.inc, line 525
Common functions that many Drupal modules will need to reference.

Code

function drupal_get_destination() {
  $destination = &drupal_static(__FUNCTION__);

  if (isset($destination)) {
    return $destination;
  }

  if (isset($_GET['destination'])) {
    $destination = array('destination' => $_GET['destination']);
  }
  else {
    $path = $_GET['q'];
    $query = drupal_http_build_query(drupal_get_query_parameters());
    if ($query != '') {
      $path .= '?' . $query;
    }
    $destination = array('destination' => $path);
  }
  return $destination;
}

Comments

In my opinion the code $destination = array('destination' => $_GET['destination']); may pose an XSS threat, as the destination parameter can be exploited to collect the information.

http://xyz.com/?destination=%00%3Cscript%3E_q%3Drandom(X160894048Y1Z)%3C%2Fscript%3E

Let me know if my assumption is correct.

Your assumption is not correct in general. The $_GET['destination'] is a point where user-supplied text gets into a variable, but that variable is designed to be passed to the l() or url() functions, which perform sanitization by default.

Any use of this data outside of those functions should take special care to filter it explicitly.

@leeotzu: reporting security concerns in public is extremely bad practice. This page contains instructions on how to report security issues; please follow that process next time.

https://www.drupal.org/node/101494
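
The reply above says that destination values used outside l() or url() need explicit filtering. The following is an added example, not part of the Drupal source or of the comments: stand-alone PHP that builds a login link from an array in the shape drupal_get_destination() returns, first by raw concatenation and then with encoding and escaping. The example_* helpers and the /user/login path are assumptions for illustration; example_check_plain() is a stand-in that applies htmlspecialchars() with ENT_QUOTES.

```php
<?php
// Added example: stand-alone PHP, runs without a Drupal bootstrap.
// Every example_* name is hypothetical and is not part of Drupal.

// Stand-in for check_plain(): escape HTML special characters, quotes included.
function example_check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Before: the destination is concatenated into markup as received.
function example_login_link_unfiltered(array $destination) {
  return '<a href="/user/login?destination=' . $destination['destination'] . '">Log in</a>';
}

// After: percent-encode the value as a query argument, then HTML-escape
// the finished URL for the attribute it is placed in.
function example_login_link_filtered(array $destination) {
  $query = http_build_query($destination, '', '&', PHP_QUERY_RFC3986);
  return '<a href="' . example_check_plain('/user/login?' . $query) . '">Log in</a>';
}

// TRUE when the marker element from the sample input survives as live markup.
function example_contains_injected_markup($html) {
  return strpos($html, '<em>') !== FALSE;
}

// Constructed sample values in the shape drupal_get_destination() returns.
$samples = array(
  array('destination' => 'node/1?page=2'),
  array('destination' => 'node/1"><em>injected</em>'),
);

foreach ($samples as $destination) {
  foreach (array('example_login_link_unfiltered', 'example_login_link_filtered') as $builder) {
    $html = $builder($destination);
    printf("%-30s injected=%-3s %s\n", $builder,
      example_contains_injected_markup($html) ? 'yes' : 'no', $html);
  }
}
```

Inside a Drupal 7 module the same result comes from passing the array as the 'query' option of l() or url() rather than concatenating it by hand.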