Index: openacs-4/packages/bug-tracker/www/patch-add.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/bug-tracker/www/patch-add.tcl,v
diff -u -r1.18 -r1.19
--- openacs-4/packages/bug-tracker/www/patch-add.tcl	27 Jun 2015 18:01:15 -0000	1.18
+++ openacs-4/packages/bug-tracker/www/patch-add.tcl	29 May 2016 10:50:02 -0000	1.19
@@ -10,7 +10,14 @@
 } {
     bug_number:integer,optional
     component_id:naturalnum,optional
-    {return_url ""}
+    {return_url:notnull,trim ""}
+} -validate {
+    valid_return_url -requires return_url {
+	# actually, one should use the page filter localurl from OpenACS 5.9
+	if {[util::external_url_p $return_url]} {
+	    ad_complain "invalid return_url"
+	}
+    }
 }
 
 permission::require_permission -object_id [ad_conn package_id] -privilege create