felogin redirect doesn't work anymore after update to Typo3 4.2.13
After updating Typo3 the TS for group redirection doesn't work anymore. Also changing settings in the flexform doesn't help. The pages the users are redirected aren't restricted.
After login the standerd felogin message "Sie sind nun angemeldet als %s" is shown.
(issue imported from #M15280)
Updated by Lienhart Woitok about 11 years ago
I investigated this a bit. I found that the redirect url is now validated against XSS attacks and such things, which is a good thing for sure. Unfortunately this new validation calls t3lib_div::isValidUrl, which does a filter_var() with FILTER_VALIDATE_URL and the flag FILTER_FLAG_SCHEME_REQUIRED.
The URL that is built for group based redirects is a local url without a hostname (at least in my case, which worked perfectly before the update): login/restricted-page.html
This URL is built with a call to $this->pi_getPageLink() (by the way, I think the arguments given to this function are wrong as the second parameter should be a string $target but is given as array()).
For now, I got the site up and running again by modifying EXT:felogin/pi1/class.tx_felogin_pi1.php in line 351. I changed this line from
$redirect_url = $this->pi_getPageLink($row0,array(),true); // take the first group with a redirect page
$redirect_url = t3lib_div::locationHeaderUrl($this->pi_getPageLink($row0,array(),true)); // take the first group with a redirect page
I'm not sure if this is a good solution to the problem at hand, but it got me up and running again. I attach a patch regardless.
Updated by Markus Klein about 11 years ago
try to replace line 370 in felogin/pi1/class.tx_felogin_pi1.php
$redirect_url = $this->redirectUrl;
$redirect_url = t3lib_div::locationHeaderUrl($this->redirectUrl);
Maybe this helps in your case.
sorry wrong file version. you've got a different file!
Updated by Peter Linzenkirchner about 11 years ago
There are two errors in the function validateRedirectUrl:
- t3lib_div::isValidUrl($sanitizedUrl) => returns empty string when no host is defined.
. $this->isInCurrentDomain($sanitizedUrl) || $this->isInLocalDomain($sanitizedUrl) => returns redirect_url only when host is defined.
So config.typolinkLinkAccessRestrictedPages does not work anymore.
I tested it for TYPO3 4.4.1 and 3.4.4
Updated by Helmut Hummel almost 11 years ago
strpos($parsedUrl['path'], t3lib_div::getIndpEnv('TYPO3_SITE_PATH')) === 0)
should evaluate to true.
So no need to change the first condition which would definetly be wrong.
The only thing which I can imagine what does not work for you is parse_url.
Can you please debug the contents of $parsedUrl['path'] when you provide "/agb.html" as redirect_url?
Updated by Markus Klein almost 11 years ago
Sorry, but I just exported class.tx_felogin_pi1.php from tag 4-2-13 and tried to patch it.
unfortunately two bad things:
1.) none of the patches - except the first two - work; the ext even stops displaying any output -> no login form visible anymore
2.) patch v6 cannot be applied, since line 32 of the patch is different to the line in 4-2-13 (AND instead of &&)
The problem is I can't figure out, why it stops displaying the form. No errors no warnings. grml