Bug #46071

External links doesn't work anymore since recent security update 4.5.24

Added by Armin Vieweg over 6 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
-
Target version:
-
Start date:
2013-03-06
Due date:
% Done:

100%

TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

Hello,

since the last update (from today) to 4.5.24 the page doktype "External URL" is not working anymore.

The exception which I just get in frontend is:

#1359987599: jumpurl: Calculated juHash did not match the submitted juHash. 

It seems that you guys, are already recognized the bug:
http://forum.typo3.org/index.php/t/194815/ ;-)


Related issues

Related to TYPO3 Core - Bug #46084: doktype "link to external" doesn't work anymore Closed 2013-03-07
Related to TYPO3 Core - Bug #46463: jumpUrl_transferSession throws hash exception Rejected 2013-03-20

Associated revisions

Revision e429270e (diff)
Added by Helmut Hummel over 6 years ago

[BUFIX] External URL regression by jumpurl security fix

With the jumpurl security fix, pages of type
'Link to external URL' throw a jumpurl
hash exception if called in the frontend. This typically
happens if a HMENU renders such page links.

The patch adapts the TSFE logic to write the required
hash dynamically to _GET to make the jumpurl check happy
that is called later on within the same process if
calling such a 'external url' link.

Change-Id: Ie73cd9710929c72aad4e75543f90c8618797997b
Fixes: #46071
Related: #28587
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/18753
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
Reviewed-by: Gregor Hermens
Tested-by: Gregor Hermens
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Revision 0bee97ed (diff)
Added by Helmut Hummel over 6 years ago

[BUFIX] External URL regression by jumpurl security fix

With the jumpurl security fix, pages of type
'Link to external URL' throw a jumpurl
hash exception if called in the frontend. This typically
happens if a HMENU renders such page links.

The patch adapts the TSFE logic to write the required
hash dynamically to _GET to make the jumpurl check happy
that is called later on within the same process if
calling such a 'external url' link.

Change-Id: Ie73cd9710929c72aad4e75543f90c8618797997b
Fixes: #46071
Related: #28587
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/18765
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Revision abaf8bea (diff)
Added by Helmut Hummel over 6 years ago

[BUFIX] External URL regression by jumpurl security fix

With the jumpurl security fix, pages of type
'Link to external URL' throw a jumpurl
hash exception if called in the frontend. This typically
happens if a HMENU renders such page links.

The patch adapts the TSFE logic to write the required
hash dynamically to _GET to make the jumpurl check happy
that is called later on within the same process if
calling such a 'external url' link.

Change-Id: Ie73cd9710929c72aad4e75543f90c8618797997b
Fixes: #46071
Related: #28587
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/18755
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
Reviewed-by: Gregor Hermens
Tested-by: Gregor Hermens
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Revision e34a390e (diff)
Added by Helmut Hummel over 6 years ago

[BUFIX] External URL regression by jumpurl security fix

With the jumpurl security fix, pages of type
'Link to external URL' throw a jumpurl
hash exception if called in the frontend. This typically
happens if a HMENU renders such page links.

The patch adapts the TSFE logic to write the required
hash dynamically to _GET to make the jumpurl check happy
that is called later on within the same process if
calling such a 'external url' link.

Change-Id: Ie73cd9710929c72aad4e75543f90c8618797997b
Fixes: #46071
Related: #28587
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/18767
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

Revision bcfb45e6 (diff)
Added by Helmut Hummel over 6 years ago

[BUFIX] External URL regression by jumpurl security fix

With the jumpurl security fix, pages of type
'Link to external URL' throw a jumpurl
hash exception if called in the frontend. This typically
happens if a HMENU renders such page links.

The patch adapts the TSFE logic to write the required
hash dynamically to _GET to make the jumpurl check happy
that is called later on within the same process if
calling such a 'external url' link.

Change-Id: Ie73cd9710929c72aad4e75543f90c8618797997b
Fixes: #46071
Related: #28587
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Reviewed-on: https://review.typo3.org/18766
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel

History

#2 Updated by Gerrit Code Review over 6 years ago

  • Status changed from New to Under Review

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18753

#3 Updated by Gerrit Code Review over 6 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18753

#4 Updated by Gerrit Code Review over 6 years ago

Patch set 4 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/18753

#5 Updated by Christian Kuhn over 6 years ago

Reproduce:
create a page 'external url', call frontend that renders this page link in a frontend menu, click it -> boom.

#6 Updated by Gerrit Code Review over 6 years ago

Patch set 1 for branch TYPO3_6-0 has been pushed to the review server.
It is available at https://review.typo3.org/18765

#7 Updated by Gerrit Code Review over 6 years ago

Patch set 2 for branch TYPO3_4-5 has been pushed to the review server.
It is available at https://review.typo3.org/18755

#8 Updated by Gerrit Code Review over 6 years ago

Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at https://review.typo3.org/18766

#9 Updated by Gerrit Code Review over 6 years ago

Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at https://review.typo3.org/18767

#10 Updated by Helmut Hummel over 6 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#11 Updated by Christian Toffolo over 6 years ago

Sorry but this patch doesn't work in my TYPO3 4.7.9 installation.
By instance, site http://www.gamelli.it/ has an external link "Pro" (top right of nav) to http://pro.gamelli.it
this link throws a:

Uncaught TYPO3 Exception
#1359987599: jumpurl: Calculated juHash did not match the submitted juHash. (More information)
Exception thrown in file
***/typo3/sysext/cms/tslib/class.tslib_fe.php in line 2699.

What could I try to fix this?

#12 Updated by Armin Vieweg over 6 years ago

We tested the fix in 4.5.24 and it works.

#13 Updated by Christian Toffolo over 6 years ago

I fixed the problem described in #11 removing:
TSFE.jumpUrl_transferSession = 1

#14 Updated by Adrien Crivelli over 6 years ago

Same here, the extension cbstarter contained TSFE.jumpUrl_transferSession = 1. Removing that line made the error disappear.

Thanks ian !

#15 Updated by Ernesto Baschny about 6 years ago

  • Is Regression set to No

A fix to make it work even if TSFE.jumpUrl_transferSession = 1 is set is presented here: #46463

#16 Updated by Benni Mack about 1 year ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF