Project

General

Profile

Actions
Copy link

Bug #19464

closed

Return URL: Double Encoded characters cause server error

Added by Bernie Pfister about 16 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2008-10-16
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

On our RedHat server, double encoded characters in the return url cause a server error 500.

The forward slash character / can be encoded like this: %2F (HEX encode)

But it can also be encoded like this: %252F (Double encode)

The latter is used in TYPO3 return urls, but causes the above server error. It works when using the HEX encoded characters.

URL like this doesn't work:
...&returnUrl=http%3A%2F%2F ... file_list.php?id=%252Fvar%252Fwww%252F...

This URL works:
...&returnUrl=http%3A%2F%2F ... file_list.php?id=%2Fvar%2Fwww%2F...

From what I was reading, there are security issues with this encoding method, which might be the reason that it's disabled on some servers.

(issue imported from #M9572)

Related issues 1 (0 open1 closed)

Has duplicate TYPO3 Core - Bug #17331: New Subcategory Returns Service UnavailableClosed2007-05-25

Actions
Actions
Copy link

Also available in: Atom PDF