Bug #104398

closed

Felogin - ignoring noredirect param

Added by Philipp Parzer 7 months ago. Updated 4 months ago.

Status: Closed
Priority: Should have
Assignee:
Category: felogin
Target version: -
Start date: 2024-07-16
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 12
PHP Version: 8.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

https://github.com/TYPO3/typo3/blob/main/typo3/sysext/felogin/Classes/Controller/LoginController.php#L249

In line 249 it is checked for the argument 'noredirect' - but in

https://github.com/TYPO3/typo3/blob/main/typo3/sysext/felogin/Resources/Private/Templates/Login/Login.html#L76

the f:form.hidden has only a name attribute without Extbase context (name="noredirect" instead of name="tx_felogin_login[noredirect]"),
so the 'noredirect' argument never gets checked.

The following test works:

|| (isset($this->request->getParsedBody()['noredirect']) && $this->request->getParsedBody()['noredirect'] === '1')
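
The mismatch described in the report, as an added example that is not part of the original report or of TYPO3's code: a plain-PHP model with no TYPO3 classes, showing why a field posted as `noredirect` is invisible to a check on namespaced controller arguments while the reporter's parsed-body test sees it. The function names and the sample request bodies are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Plugin namespace of the felogin form fields, as quoted in the report.
const PLUGIN_NAMESPACE = 'tx_felogin_login';

/**
 * Hypothetical stand-in for Extbase argument mapping: only values nested
 * under the plugin namespace are treated as controller arguments.
 */
function extbaseArguments(array $parsedBody): array
{
    $scoped = $parsedBody[PLUGIN_NAMESPACE] ?? [];
    return is_array($scoped) ? $scoped : [];
}

/** Controller-style check: looks at namespaced arguments only. */
function redirectDisabledViaArgument(array $parsedBody): bool
{
    return array_key_exists('noredirect', extbaseArguments($parsedBody));
}

/** The reporter's additional test: read the top-level body field directly. */
function redirectDisabledViaParsedBody(array $parsedBody): bool
{
    return isset($parsedBody['noredirect']) && $parsedBody['noredirect'] === '1';
}

// Constructed form submissions, keyed by the hidden field's name attribute.
$samples = [
    'name="noredirect"'                   => 'user=jane&noredirect=1',
    'name="tx_felogin_login[noredirect]"' => 'user=jane&tx_felogin_login%5Bnoredirect%5D=1',
];

foreach ($samples as $label => $rawBody) {
    // parse_str() decodes bracketed names into nested arrays, like $_POST.
    parse_str($rawBody, $parsedBody);
    printf(
        "%-38s argument=%s parsedBody=%s\n",
        $label,
        var_export(redirectDisabledViaArgument($parsedBody), true),
        var_export(redirectDisabledViaParsedBody($parsedBody), true)
    );
}
```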


Related issues 1 (0 open, 1 closed)

Related to TYPO3 Core - Task #105010: Protect felogin controller isRedirectDisabled() (Closed, 2024-09-17)

Actions #1

Updated by Torben Hansen 7 months ago

  • Status changed from New to Accepted
Actions #2

Updated by Torben Hansen 7 months ago

  • Assignee set to Torben Hansen
Actions #3

Updated by Gerrit Code Review 7 months ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/85313

Actions #4

Updated by Gerrit Code Review 7 months ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/85313

Actions #5

Updated by Gerrit Code Review 5 months ago

Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/86144

Actions #6

Updated by Torben Hansen 5 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #7

Updated by Christian Kuhn 5 months ago

  • Related to Task #105010: Protect felogin controller isRedirectDisabled() added
Actions #8

Updated by Benni Mack 4 months ago

  • Status changed from Resolved to Closed