Bug #23298

felogin redirect doesn't work anymore after update to Typo3 4.2.13

Added by Wolfgang Maschke about 11 years ago. Updated almost 11 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
felogin
Target version:
-
Start date:
2010-07-29
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

After updating Typo3 the TS for group redirection doesn't work anymore. Also changing settings in the flexform doesn't help. The pages the users are redirected aren't restricted.
After login the standerd felogin message "Sie sind nun angemeldet als %s" is shown.

(issue imported from #M15280)


Files

0015280_v8_42.patch (3.92 KB) 0015280_v8_42.patch Administrator Admin, 2010-08-05 14:35
0015280_v8_43.patch (15.3 KB) 0015280_v8_43.patch Administrator Admin, 2010-08-05 14:35
0015280_v8_44-trunk.patch (15.3 KB) 0015280_v8_44-trunk.patch Administrator Admin, 2010-08-05 14:35
#1

Updated by Wolfgang Maschke about 11 years ago

The login page isn't set to "hide at login", too.

#2

Updated by Lienhart Woitok about 11 years ago

I investigated this a bit. I found that the redirect url is now validated against XSS attacks and such things, which is a good thing for sure. Unfortunately this new validation calls t3lib_div::isValidUrl, which does a filter_var() with FILTER_VALIDATE_URL and the flag FILTER_FLAG_SCHEME_REQUIRED.

The URL that is built for group based redirects is a local url without a hostname (at least in my case, which worked perfectly before the update): login/restricted-page.html
This URL is built with a call to $this->pi_getPageLink() (by the way, I think the arguments given to this function are wrong as the second parameter should be a string $target but is given as array()).

For now, I got the site up and running again by modifying EXT:felogin/pi1/class.tx_felogin_pi1.php in line 351. I changed this line from
$redirect_url = $this->pi_getPageLink($row0,array(),true); // take the first group with a redirect page
to
$redirect_url = t3lib_div::locationHeaderUrl($this->pi_getPageLink($row0,array(),true)); // take the first group with a redirect page

I'm not sure if this is a good solution to the problem at hand, but it got me up and running again. I attach a patch regardless.

#3

Updated by Oliver Hader about 11 years ago

Thanks Lienhart for pointing out the SCHEME_REQUIRED thingy...

#4

Updated by Wolfgang Maschke about 11 years ago

Tank you Linhart for your input. Very helpful. Is this problem independent of the Typo3 version? I guess yes. What do you think?

#5

Updated by Markus Klein about 11 years ago

Please do something about this issue.
ASAP!!!

The patch didn't work for me.

#6

Updated by Markus Klein about 11 years ago

Applied the fix from Lienhart to the remaining redirect modes.
Works now for me.

#7

Updated by Markus Klein about 11 years ago

see bug15280_v2.patch

#8

Updated by Dorit Rottner about 11 years ago

We have a problem for the Typo3 4.3.4 release. Defined return_url's via POST or GET Params like index.php?id= with pid or alias don't work anymore. The problem here is the new method t3lib_div::isValidUrl() too.

#9

Updated by Markus Klein about 11 years ago

Hi Dorit,
try to replace line 370 in felogin/pi1/class.tx_felogin_pi1.php
$redirect_url = $this->redirectUrl;
with
$redirect_url = t3lib_div::locationHeaderUrl($this->redirectUrl);

Maybe this helps in your case.
----------------------------------------------
sorry wrong file version. you've got a different file!

#10

Updated by Dorit Rottner about 11 years ago

Hi Markus,
thanks for your suggestion.
I changed the line 570 instead of line 370 (I think it was a mistype) as you suggested. But the $sanitizedUrl before callinf the method isValidUrl is the same as before and fails.

#11

Updated by Wolfgang Maschke about 11 years ago

In my installation Lienharts' modification works perfect for me. Thank you very much!
Typo3: 4.2.13
felogin: 1.0.0

#12

Updated by Helmut Hummel about 11 years ago

The attached patch does help if you use
config.typolinkLinkAccessRestrictedPages

because the urls there are also relative

#13

Updated by Peter Linzenkirchner about 11 years ago

There are two errors in the function validateRedirectUrl:
- t3lib_div::isValidUrl($sanitizedUrl) => returns empty string when no host is defined.
. $this->isInCurrentDomain($sanitizedUrl) || $this->isInLocalDomain($sanitizedUrl) => returns redirect_url only when host is defined.

So config.typolinkLinkAccessRestrictedPages does not work anymore.

I tested it for TYPO3 4.4.1 and 3.4.4

#14

Updated by Helmut Hummel about 11 years ago

Please check 15280_v3_44.diff, which should fix all mentioned problems

#15

Updated by Oliver Hader about 11 years ago

Affects TYPO3_4-2, TYPO3_4-3, TYPO3_4-4, Trunk

#16

Updated by Oliver Hader about 11 years ago

Please test the attached patch 0015280_v4.patch which applies for all TYPO3 versions (4.2-4.5). Thanks in advance!

#17

Updated by Markus Klein about 11 years ago

Seems to work on 4.2.13.
(Didn't test all available redirect methods)

#18

Updated by Lienhart Woitok about 11 years ago

I tested the patch with group defined redirects and it works fine on 4.2.13. Thank you all for the effort!

#19

Updated by Dimitri Koenig almost 11 years ago

I corrected the function isRelativeUrl in 0015280_v5 so that it returns TRUE if first char is "/" and not false.

#20

Updated by Oliver Hader almost 11 years ago

Dmitri, thanks for your changes, however that part was already correct before:
  • path does NOT start with a slash -> returns TRUE
    OR
  • (if path starts with a slash) check whether it's part of the TYPO3 site path
#21

Updated by Dimitri Koenig almost 11 years ago

But it did not work for me so i had to adjust...

#22

Updated by Oliver Hader almost 11 years ago

Ok, can you please tell the URL (path) you wanted to redirect to?
Is your TYPO3 installation in a subdirectory (host.com/subdirectory/typo3)?

#23

Updated by Dimitri Koenig almost 11 years ago

No subdir. Path was: login.html?redirect_url=/agb.html

#24

Updated by Helmut Hummel almost 11 years ago

@Dimitry: what is the complete path to your TYPO3 installation (you can drop the host part)

Meaning, please add the path to login.html also

#26

Updated by Helmut Hummel almost 11 years ago

Can you please post here what the output of t3lib_div::getIndpEnv('TYPO3_SITE_PATH') is on your site? It should be /

#27

Updated by Dimitri Koenig almost 11 years ago

Yes, it's "/"

#28

Updated by Helmut Hummel almost 11 years ago

Well then

strpos($parsedUrl['path'], t3lib_div::getIndpEnv('TYPO3_SITE_PATH')) === 0)

should evaluate to true.

So no need to change the first condition which would definetly be wrong.
The only thing which I can imagine what does not work for you is parse_url.

Can you please debug the contents of $parsedUrl['path'] when you provide "/agb.html" as redirect_url?

Thanks

#29

Updated by Helmut Hummel almost 11 years ago

New patch wich fixes the issues mentioned on the core list

#30

Updated by Markus Klein almost 11 years ago

Sorry, but I just exported class.tx_felogin_pi1.php from tag 4-2-13 and tried to patch it.

unfortunately two bad things:
1.) none of the patches - except the first two - work; the ext even stops displaying any output -> no login form visible anymore
2.) patch v6 cannot be applied, since line 32 of the patch is different to the line in 4-2-13 (AND instead of &&)

The problem is I can't figure out, why it stops displaying the form. No errors no warnings. grml

#31

Updated by Markus Klein almost 11 years ago

This patch 0015280_v6_4-2.patch is now working on 4.2.13.

#32

Updated by Oliver Hader almost 11 years ago

Added v8 of the patch for the accordant branches. Helmut provided unit tests for the branches TYPO3_4-3 - Trunk.

#33

Updated by Oliver Hader almost 11 years ago

Committed to SVN:
  • TYPO3_4-2 (rev. 8485)
  • TYPO3_4-3 (rev. 8486)
  • TYPO3_4-4 (rev. 8487)
  • Trunk (rev. 8488)
#34

Updated by Ingo Renner almost 11 years ago

released in
4.2.14
4.3.5
4.4.2

Also available in: Atom PDF