Index: openacs-4/packages/bug-tracker/www/related-file-delete.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/bug-tracker/www/related-file-delete.tcl,v
diff -u -N -r1.4 -r1.5
--- openacs-4/packages/bug-tracker/www/related-file-delete.tcl	6 Aug 2014 16:25:20 -0000	1.4
+++ openacs-4/packages/bug-tracker/www/related-file-delete.tcl	29 May 2016 10:50:02 -0000	1.5
@@ -10,9 +10,15 @@
 } {
     bug_id:naturalnum,notnull
     related_object_id:naturalnum,notnull
-    return_url:optional
+    return_url:optional,trim,notnull
 } -properties {
 } -validate {
+    valid_return_url -requires return_url {
+	# actually, one should use the page filter localurl from OpenACS 5.9
+	if {[util::external_url_p $return_url]} {
+	    ad_complain "invalid return_url"
+	}
+    }
 } -errors {
 }
 
@@ -24,7 +30,7 @@
     ad_script_abort
 }
 
-if {(![info exists return_url] || $return_url eq "")} {
+if {![info exists return_url]} {
     set return_url [export_vars -base "bug" {bug_number}]
 }