Project

General

Profile

Actions

Bug #19223

closed

Redirect type does not redirect when HTTP referrer is an external site

Added by Kevin L over 16 years ago. Updated over 4 years ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
System/Bootstrap/Configuration
Target version:
-
Start date:
2008-08-15
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.0
Tags:
Complexity:
Is Regression:
No
Sprint Focus:
Needs Decision

Description

This is essentially a copy of bug 6615, which has been marked as resolved because it's not related to RealURL.

When navigating to page of type External URL, Typo3 renders the page content of the page (empty), instead of redirecting to the external URL - but only when navigating from an external URL (referrer).

Example:
http://www.uniweb.no/domene/registrere-domene/ [^]
The URL above is page type External URL with redirect to http://ordre.uniweb.no/domreg/searchDialogue.action [^]

This will, however, only work if you navigate to this from a page on http://www.uniweb.no, [^] of more precisely, if the referrer is a page/subpage on http://www.uniweb.no. [^]

If there is no referrer/external referrer, Typo3 will render the content of the page.

Here's a workaround using Apache configuration. Adapt the regex to your particular needs. This one does "/firstname.lastname/" for me.

you must enable mod_headers and mod_setenvif.

SetEnvIf Request_URI "^/[\w\-]+.[\w\-]+/?$" typo3bug6615=true
RequestHeader unset referer env=typo3bug6615
(issue imported from #M9182)


Files


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #17227: Shortcut to external URL if referer-check enabledRejected2007-04-21

Actions
Actions #1

Updated by Luc about 16 years ago

I don't know why but this bug seems to be a feature...

There is a check that the referer is equal to the site before doing a redirect. You may deactivate this check by commenting this line in file typo3/sysext/cms/tslib/index_ts.php

// ************************
// Check JumpUrl
// ***********************
$TSFE->setExternalJumpUrl();
#$TSFE->checkJumpUrlReferer(); <--- comment this line

Unless there is a good reason to leave this check (please explain!), could it be removed from the code?

Actions #2

Updated by Olivier Schopfer almost 16 years ago

Worked fine for me, thanks.

Actions #3

Updated by Mike Bretz about 14 years ago

Considering this is a Feature, the checkJumpUrlReferer method should case insensitive compare hostnames:
Referer can include Uppercase hostnames e.g. in Safari! This leads to not redirecting the user even he is "on" the site, but with uppercased hostname parts like WWW.This-Is-My-T3-Website.com.

Therefor you should include this patch:
diff ruw typo3_src-4.4.4.orig typo3_src-4.4.4
diff -ruw typo3_src-4.4.4.orig/typo3/sysext/cms/tslib/class.tslib_fe.php typo3_src-4.4.4/typo3/sysext/cms/tslib/class.tslib_fe.php
--
typo3_src-4.4.4.orig/typo3/sysext/cms/tslib/class.tslib_fe.php 2010-10-06 10:40:06.000000000 0200
++ typo3_src-4.4.4/typo3/sysext/cms/tslib/class.tslib_fe.php 2010-11-19 11:06:36.000000000 0100
@ -2619,7 +2619,7 @
function checkJumpUrlReferer() {
if (strlen($this->jumpurl) && !$this->TYPO3_CONF_VARS['SYS']['doNotCheckReferer']) {
$referer = parse_url(t3lib_div::getIndpEnv('HTTP_REFERER'));
- if (isset($referer['host']) && !($referer['host'] == t3lib_div::getIndpEnv('TYPO3_HOST_ONLY'))) {
if (isset($referer['host']) && (strcasecmp($referer['host'], t3lib_div::getIndpEnv('TYPO3_HOST_ONLY')) != 0)) {
unset($this->jumpurl);
}
}

Actions #4

Updated by Boris Hinzer almost 14 years ago

The same problem exists if you try to switch two domains within TYPO3 with the language selector and you have links to external urls set as an alternative language inside a page:

Actions #5

Updated by Xavier Perseguers almost 13 years ago

  • Assignee deleted (Steffen Kamper)
  • Target version deleted (0)
Actions #6

Updated by Alexander Opitz over 11 years ago

  • Status changed from Accepted to Needs Feedback

The issue is very old, does this issue exists in newer versions of TYPO3 CMS (4.5 or 6.1)?

Actions #7

Updated by Alexander Opitz about 11 years ago

  • Status changed from Needs Feedback to Closed
  • Is Regression set to No

No feedback for over 90 days.

Actions #8

Updated by Hans Pagel almost 11 years ago

same her in TYPO3 6.1.6

Actions #9

Updated by Stefan Kaufmann almost 11 years ago

and in 6.1.7
When page type is 'external url' and page is in menu, then the redirect to the external url does not work. Only after second click and when cached? it works...

Actions #10

Updated by Tobias Klepp about 10 years ago

I have the same problem in TYPO3 6.2.4. I have a multi site installation and I included some footer links of type external url from another domain. The links rendered absolute but the redirect not working. The referer check forbidden this. I deactivate ther referrer check in the localconfiguration

[SYS][doNotCheckReferer] = 1

But I'm not shure, if this is problematic for security or other reasons.

Actions #11

Updated by David Bruchmann about 8 years ago

  • TYPO3 Version changed from 4.1 to 6.2

Just stumbled upon this bug in TYPO3 Version 6.2.27.

Actions #12

Updated by Riccardo De Contardi about 8 years ago

  • Status changed from Closed to New

Hi and thank you for your report, I am reopening this issue.

Could you verify if this bug also affects version 7.6.x or 8 ? Thank you!

Actions #13

Updated by Susanne Moog about 7 years ago

  • Category set to System/Bootstrap/Configuration
  • Sprint Focus set to PRC
Actions #14

Updated by Riccardo De Contardi over 6 years ago

Hi,
As far as I can remember, since version 7.6.x the "external url" pagetype does not perform a redirection in HMENU. I also tried to perform the following test on TYPO3 version 8.7.12:

1) create a page (ID=52), set type = external url, set the url to www.google.com
2) a standard HMENU on page just renders http://www.google.com inside the href
3) If I type the URL http://typo3.8.test.it:8888/index.php?id=52 the browser will directly go to www.google.com. It is a 303 - see attached screenshot for the details

Do you think it is sufficient to consider the issue closed? Could you write a step-by-step guide about how to reproduce it on newer TYPO3 versions like 7.6.x, 8.7.x or 9.2? Thank you!

Actions #15

Updated by Benni Mack about 6 years ago

  • Status changed from Needs Feedback to Rejected

Closed. No feedback for 6 months, if you want to open up a new ticket please. On top, I'm pretty sure this is fixed in v9 with the new site handling.

Actions #16

Updated by Benni Mack over 4 years ago

  • Sprint Focus changed from PRC to Needs Decision
Actions

Also available in: Atom PDF