Bug #75915

Unsafe removing of empty redirect urls

Added by Sven Wappler over 5 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
felogin
Target version:
Start date:
2016-04-25
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
felogin
Complexity:
Is Regression:
No
Sprint Focus:

Description

In class FrontendLoginController in method processRedirect in line 749 an implode and explode is used with a delimiter sign (,) which can be part of the redirect url. This can lead to faulty redirects. My suggestion: Use a sign which cannot be part of an url. Or just maybe the php function array_filter, which removes empty array values.

Problematic location:

// Remove empty values
if (!empty($redirect_url)) {
   return GeneralUtility::trimExplode(',', implode(',', $redirect_url), true);
}

Example:

$redirect_url maybe can be:

$redirect_url = array('http://domain/test/123,343');

'123,343' is a GET parameter.
This would redirect to http://domain/test/123 or 343

#1

Updated by Gerrit Code Review over 5 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49255

#2

Updated by Gerrit Code Review over 5 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49255

#3

Updated by Gerrit Code Review over 5 years ago

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49524

#4

Updated by Georg Ringer over 5 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#5

Updated by Benni Mack about 3 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF