Bug #82534
Closed
Felogin redirect by domain entries referer
Description
There is a bug in the redirect by domain entries. According to the docs it is the same as redirect by referer, but the domain has to be defined in plugin.tx_felogin_pi1.domains. But this was not necessary (nothing changed, no redirect); instead the domain must be defined as a domain record.
In my case I wanted to redirect to a domain called https://intranet.xyz.de (intranet.xyz.de is a totally different server, no TYPO3). For this I had to create a domain record for the domain intranet.xyz.de. If the referer was not in the header, it also works as a GET parameter. But only if the domain is defined as a domain record.
This is because in felogin/Classes/Controller/FrontendLoginController.php the function validateRedirectUrl is called, which calls isInLocalDomain, and in isInLocalDomain the domain records get checked. Instead it should not check isInLocalDomain but plugin.tx_felogin_pi1.domains.
I would prefer just to define the domain in plugin.tx_felogin_pi1.domains as mentioned in the documentation, and no domain records.
Updated by Riccardo De Contardi about 4 years ago
If I am not totally wrong, this issue could be still present on 9.5.x and should be solved on version 10.4.0-dev (latest master)
(See function processRedirect in EXT:felogin/Classes/Controller/FrontendLoginController.php - lines 840+)

```php
case 'refererDomains':
    // Auto redirect.
    // Feature to redirect to the page where the user came from (HTTP_REFERER).
    // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
    // Thanks to plan2.net / Martin Kutschker for implementing this feature.
    // also avoid redirect when logging in after changing password
    if (isset($this->conf['domains']) && $this->conf['domains']
        && (!isset($this->piVars['redirectReferrer']) || $this->piVars['redirectReferrer'] !== 'off')
    ) {
        $url = $this->referer;
        // Is referring url allowed to redirect?
        $match = [];
        if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
            $redirect_domain = $match[1];
            $found = false;
            foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
                if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
                    $found = true;
                    break;
                }
            }
            if (!$found) {
                $url = '';
            }
        }
        // Avoid forced logout, when trying to login immediately after a logout
        if ($url) {
            $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
        }
    }
    break;
```
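A stricter stand-alone form of the domain check quoted above, as an added example that is not TYPO3 code and not part of the original ticket. The quoted pattern only matches `http://` URLs followed by a slash, so this version parses the URL instead, compares the host to the list by string suffix rather than interpolating the configured value into a regex, and rejects anything it cannot parse. The function name `isAllowedRedirectDomain` and the sample hosts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a TYPO3 API): is the host of $url covered by a
 * comma-separated allow-list such as plugin.tx_felogin_pi1.domains?
 */
function isAllowedRedirectDomain(string $url, string $domainList): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // relative, scheme-less or malformed: fail closed
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false; // only web schemes are valid redirect targets
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false; // refuse user:pass@host forms outright
    }
    $host = rtrim(strtolower($parts['host']), '.');
    foreach (explode(',', $domainList) as $domain) {
        $domain = strtolower(trim($domain));
        if ($domain === '') {
            continue;
        }
        // Exact match, or a subdomain ending in ".<domain>".
        $suffix = '.' . $domain;
        if ($host === $domain || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample input; xyz.de is the ticket's placeholder host,
// evil.example stands in for an unlisted third-party host.
$allowed = 'intranet.xyz.de, www.xyz.de';
$samples = [
    'https://intranet.xyz.de/start',
    'http://sub.intranet.xyz.de/',
    'https://intranet.xyz.de.evil.example/',
    'https://evil.example/?next=intranet.xyz.de',
    'https://notintranet.xyz.de/',
    '//intranet.xyz.de/',
];
foreach ($samples as $url) {
    $verdict = isAllowedRedirectDomain($url, $allowed) ? 'allow' : 'reject';
    printf("%-45s %s\n", $url, $verdict);
}
```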
Updated by Markus Klein over 3 years ago
- Status changed from New to Closed
Closing due to lack of feedback.
Updated by Bernhard Eckl over 3 years ago
There is no feedback to give. Which info do you need?