Bug #82534
closed
Felogin redirect by domain entries referer
Added by Bernhard Eckl over 6 years ago.
Updated over 3 years ago.
Description
There is a bug in the redirect by domain entries. According to the docs it is the same as redirect by referer, but the domain has to be defined in plugin.tx_felogin_pi1.domains. But this was not necessary (nothing changed, no redirect); instead the domain must be defined as a domain record.
In my case I wanted to redirect to a domain called https://intranet.xyz.de (intranet.xyz.de is a totally different server, no TYPO3). For this I had to create a domain record for the domain intranet.xyz.de. If the referer was not in the header, it also works as a GET parameter. But only if the domain is defined as a domain record.
This is because in felogin/Classes/Controller/FrontendLoginController.php the function validateRedirectUrl is called, which calls isInLocalDomain, and in isInLocalDomain the domain records get checked. Instead it should not check isInLocalDomain but plugin.tx_felogin_pi1.domains.
I would prefer just to define the domain in plugin.tx_felogin_pi1.domains as mentioned in the documentation, and no domain records.
If I am not totally wrong, this issue could still be present on 9.5.x and should be solved on version 10.4.0-dev (latest master).
(See function processRedirect in EXT:felogin/Classes/Controller/FrontendLoginController.php - lines 840+
    case 'refererDomains':
        // Auto redirect.
        // Feature to redirect to the page where the user came from (HTTP_REFERER).
        // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
        // Thanks to plan2.net / Martin Kutschker for implementing this feature.
        // also avoid redirect when logging in after changing password
        if (isset($this->conf['domains']) && $this->conf['domains']
            && (!isset($this->piVars['redirectReferrer']) || $this->piVars['redirectReferrer'] !== 'off')
        ) {
            $url = $this->referer;
            // Is referring url allowed to redirect?
            $match = [];
            if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
                $redirect_domain = $match[1];
                $found = false;
                foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
                    if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
                        $found = true;
                        break;
                    }
                }
                if (!$found) {
                    $url = '';
                }
            }
            // Avoid forced logout, when trying to login immediately after a logout
            if ($url) {
                $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
            }
        }
        break;
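Added example, not part of the ticket and not TYPO3 code: in the excerpt above, the domain check only runs for referers beginning with `http://`, and each configured domain is placed into the regular expression unescaped. The sketch below shows a stricter allowlist check against a comma-separated domain list like `plugin.tx_felogin_pi1.domains`; the function name `filterRedirectByDomain` and the sample URLs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a TYPO3 API). Returns $url if its host equals, or
 * is a subdomain of, an entry in the comma-separated $allowedDomains, else ''.
 */
function filterRedirectByDomain(string $url, string $allowedDomains): string
{
    $parts = parse_url($url);
    // Fail closed: anything that is not an absolute http(s) URL is rejected
    // instead of being passed through without a domain check.
    if ($parts === false
        || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || isset($parts['user']) || isset($parts['pass'])
    ) {
        return '';
    }
    $host = rtrim(strtolower($parts['host']), '.');
    foreach (explode(',', $allowedDomains) as $domain) {
        $domain = strtolower(trim($domain));
        if ($domain === '') {
            continue;
        }
        // Literal comparison: exact host, or a suffix on a label boundary.
        // No regex is built from configuration, so '.' is never a wildcard.
        $suffix = '.' . $domain;
        if ($host === $domain || substr($host, -strlen($suffix)) === $suffix) {
            return $url;
        }
    }
    return '';
}

// Constructed sample input; intranet.xyz.de is the placeholder from the report.
$allowed = 'intranet.xyz.de, example.org';
$samples = [
    'https://intranet.xyz.de/start',        // allowed, https is checked too
    'http://sub.example.org/page',          // allowed subdomain
    'https://intranetxxyz.de/',             // '.' must not match any character
    'https://intranet.xyz.de.other.test/',  // allowed name must end the host
    'https://evilexample.org/',             // match must sit on a label boundary
    '//intranet.xyz.de/',                   // no scheme: rejected
];
foreach ($samples as $sample) {
    $result = filterRedirectByDomain($sample, $allowed) !== '' ? 'redirect' : 'blocked';
    printf("%-40s %s\n", $sample, $result);
}
```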
- Status changed from New to Closed
Closing due to lack of feedback.
There is no feedback to give. Which info do you need?