Bug #23298
felogin redirect doesn't work anymore after update to Typo3 4.2.13
Status: closed
Description
After updating Typo3 the TS for group redirection doesn't work anymore. Also changing settings in the flexform doesn't help. The pages the users are redirected to aren't restricted.
After login the standard felogin message "Sie sind nun angemeldet als %s" is shown.
(issue imported from #M15280)
Updated by Wolfgang Maschke almost 14 years ago
The login page isn't set to "hide at login", too.
Updated by Lienhart Woitok almost 14 years ago
I investigated this a bit. I found that the redirect url is now validated against XSS attacks and such things, which is a good thing for sure. Unfortunately this new validation calls t3lib_div::isValidUrl, which does a filter_var() with FILTER_VALIDATE_URL and the flag FILTER_FLAG_SCHEME_REQUIRED.
The URL that is built for group based redirects is a local url without a hostname (at least in my case, which worked perfectly before the update): login/restricted-page.html
This URL is built with a call to $this->pi_getPageLink() (by the way, I think the arguments given to this function are wrong as the second parameter should be a string $target but is given as array()).
For now, I got the site up and running again by modifying EXT:felogin/pi1/class.tx_felogin_pi1.php in line 351. I changed this line from
$redirect_url = $this->pi_getPageLink($row0,array(),true); // take the first group with a redirect page
to
$redirect_url = t3lib_div::locationHeaderUrl($this->pi_getPageLink($row0,array(),true)); // take the first group with a redirect page
I'm not sure if this is a good solution to the problem at hand, but it got me up and running again. I attach a patch regardless.
Updated by Oliver Hader almost 14 years ago
Thanks Lienhart for pointing out the SCHEME_REQUIRED thingy...
Updated by Wolfgang Maschke almost 14 years ago
Thank you Lienhart for your input. Very helpful. Is this problem independent of the Typo3 version? I guess yes. What do you think?
Updated by Markus Klein almost 14 years ago
Please do something about this issue.
ASAP!!!
The patch didn't work for me.
Updated by Markus Klein almost 14 years ago
Applied the fix from Lienhart to the remaining redirect modes.
Works now for me.
Updated by Dorit Rottner almost 14 years ago
We have a problem for the Typo3 4.3.4 release. Defined return_url's via POST or GET Params like index.php?id= with pid or alias don't work anymore. The problem here is the new method t3lib_div::isValidUrl() too.
Updated by Markus Klein almost 14 years ago
Hi Dorit,
try to replace line 370 in felogin/pi1/class.tx_felogin_pi1.php
$redirect_url = $this->redirectUrl;
with
$redirect_url = t3lib_div::locationHeaderUrl($this->redirectUrl);
Maybe this helps in your case.
----------------------------------------------
Sorry, wrong file version. You've got a different file!
Updated by Dorit Rottner almost 14 years ago
Hi Markus,
thanks for your suggestion.
I changed the line 570 instead of line 370 (I think it was a mistype) as you suggested. But the $sanitizedUrl before calling the method isValidUrl is the same as before and fails.
Updated by Wolfgang Maschke almost 14 years ago
In my installation Lienhart's modification works perfectly for me. Thank you very much!
Typo3: 4.2.13
felogin: 1.0.0
Updated by Helmut Hummel almost 14 years ago
The attached patch does help if you use
config.typolinkLinkAccessRestrictedPages
because the urls there are also relative
Updated by Peter Linzenkirchner almost 14 years ago
There are two errors in the function validateRedirectUrl:
- t3lib_div::isValidUrl($sanitizedUrl) => returns empty string when no host is defined.
- $this->isInCurrentDomain($sanitizedUrl) || $this->isInLocalDomain($sanitizedUrl) => returns redirect_url only when host is defined.
So config.typolinkLinkAccessRestrictedPages does not work anymore.
I tested it for TYPO3 4.4.1 and 3.4.4
Updated by Helmut Hummel almost 14 years ago
Please check 15280_v3_44.diff, which should fix all mentioned problems
Updated by Oliver Hader almost 14 years ago
Affects TYPO3_4-2, TYPO3_4-3, TYPO3_4-4, Trunk
Updated by Oliver Hader almost 14 years ago
Please test the attached patch 0015280_v4.patch which applies for all TYPO3 versions (4.2-4.5). Thanks in advance!
Updated by Markus Klein almost 14 years ago
Seems to work on 4.2.13.
(Didn't test all available redirect methods)
Updated by Lienhart Woitok almost 14 years ago
I tested the patch with group defined redirects and it works fine on 4.2.13. Thank you all for the effort!
Updated by Dimitri Koenig almost 14 years ago
I corrected the function isRelativeUrl in 0015280_v5 so that it returns TRUE if first char is "/" and not false.
Updated by Oliver Hader almost 14 years ago
- path does NOT start with a slash -> returns TRUE
OR - (if path starts with a slash) check whether it's part of the TYPO3 site path
Updated by Dimitri Koenig almost 14 years ago
But it did not work for me so I had to adjust...
Updated by Oliver Hader almost 14 years ago
Ok, can you please tell the URL (path) you wanted to redirect to?
Is your TYPO3 installation in a subdirectory (host.com/subdirectory/typo3)?
Updated by Dimitri Koenig almost 14 years ago
No subdir. Path was: login.html?redirect_url=/agb.html
Updated by Helmut Hummel almost 14 years ago
@Dimitri: what is the complete path to your TYPO3 installation (you can drop the host part)
Meaning, please add the path to login.html also
Updated by Dimitri Koenig almost 14 years ago
Updated by Helmut Hummel almost 14 years ago
Can you please post here what the output of t3lib_div::getIndpEnv('TYPO3_SITE_PATH') is on your site? It should be /
Updated by Helmut Hummel almost 14 years ago
Well then
(strpos($parsedUrl['path'], t3lib_div::getIndpEnv('TYPO3_SITE_PATH')) === 0)
should evaluate to true.
So no need to change the first condition which would definitely be wrong.
The only thing which I can imagine what does not work for you is parse_url.
Can you please debug the contents of $parsedUrl['path'] when you provide "/agb.html" as redirect_url?
Thanks
Updated by Helmut Hummel almost 14 years ago
New patch which fixes the issues mentioned on the core list
Updated by Markus Klein almost 14 years ago
Sorry, but I just exported class.tx_felogin_pi1.php from tag 4-2-13 and tried to patch it.
Unfortunately two bad things:
1.) none of the patches - except the first two - work; the ext even stops displaying any output -> no login form visible anymore
2.) patch v6 cannot be applied, since line 32 of the patch is different to the line in 4-2-13 (AND instead of &&)
The problem is I can't figure out why it stops displaying the form. No errors, no warnings. grml
Updated by Markus Klein almost 14 years ago
This patch 0015280_v6_4-2.patch is now working on 4.2.13.
Updated by Oliver Hader almost 14 years ago
Added v8 of the patch for the accordant branches. Helmut provided unit tests for the branches TYPO3_4-3 - Trunk.
Updated by Oliver Hader almost 14 years ago
- TYPO3_4-2 (rev. 8485)
- TYPO3_4-3 (rev. 8486)
- TYPO3_4-4 (rev. 8487)
- Trunk (rev. 8488)
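
Added example (not part of the original thread and not the code from the attached patches): a sketch of the validation the thread converges on, showing why filter_var() with FILTER_VALIDATE_URL alone drops the relative redirect targets felogin builds, and how a relative-URL check based on the site path admits them while still refusing other hosts. The names isRelativeUrl and validateRedirectUrl follow the thread; SITE_PATH, SITE_HOST, the function bodies and the sample URLs are assumptions made for this illustration.

```php
<?php
// Added example, not TYPO3 core code. SITE_PATH, SITE_HOST and both function
// bodies are assumptions; SITE_PATH stands in for getIndpEnv('TYPO3_SITE_PATH').
const SITE_PATH = '/';
const SITE_HOST = 'www.example.org';

function isRelativeUrl(string $url): bool
{
    $parsed = parse_url($url);
    // A scheme or host (including protocol-relative //host) is not relative.
    if ($parsed === false || isset($parsed['scheme']) || isset($parsed['host'])) {
        return false;
    }
    $path = $parsed['path'] ?? '';
    // No leading slash: relative to the current page. Leading slash: the
    // path has to lie inside the site path.
    return $path === '' || $path[0] !== '/' || strpos($path, SITE_PATH) === 0;
}

function validateRedirectUrl(string $url): string
{
    // Backslashes, spaces and control characters are rejected outright because
    // browsers may normalise them into something parse_url() did not see.
    if ($url === '' || preg_match('/[\x00-\x20\\\\]/', $url)) {
        return '';
    }
    if (isRelativeUrl($url)) {
        return $url;
    }
    // Absolute URLs must pass the strict filter and point at our own host.
    if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
        $parsed = parse_url($url);
        $scheme = strtolower($parsed['scheme'] ?? '');
        $host = strtolower($parsed['host'] ?? '');
        if (in_array($scheme, ['http', 'https'], true) && $host === SITE_HOST) {
            return $url;
        }
    }
    return '';
}

// Constructed sample inputs; the first three have the shapes reported in the thread.
$samples = ['login/restricted-page.html', 'index.php?id=42', '/agb.html',
    'http://www.example.org/agb.html', 'http://other.example/agb.html',
    '//other.example/agb.html', 'javascript:void(0)'];
foreach ($samples as $url) {
    $strict = filter_var($url, FILTER_VALIDATE_URL) !== false ? 'valid' : 'rejected';
    $result = validateRedirectUrl($url) !== '' ? 'accepted' : 'dropped';
    printf("%-34s filter_var: %-8s validator: %s\n", $url, $strict, $result);
}
```

In current PHP, FILTER_VALIDATE_URL requires a scheme and host by default, so the FILTER_FLAG_SCHEME_REQUIRED flag mentioned in the thread is not passed here.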