Bug #75915
Closed
Unsafe removing of empty redirect urls
100%
Description
In class FrontendLoginController, in method processRedirect, in line 749, an implode and explode are used with a delimiter sign (,) which can be part of the redirect URL. This can lead to faulty redirects. My suggestion: Use a sign which cannot be part of a URL. Or maybe just the PHP function array_filter, which removes empty array values.
Problematic location:
// Remove empty values
if (!empty($redirect_url)) {
    return GeneralUtility::trimExplode(',', implode(',', $redirect_url), true);
}
Example:
$redirect_url may be:
$redirect_url = array('http://domain/test/123,343');
'123,343' is a GET parameter.
This would redirect to http://domain/test/123 or 343
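The behaviour described in the report, reproduced as an added example (not part of the original report and not TYPO3 code): the join-and-split round trip turns one URL containing a comma into two entries, while filtering each element keeps it intact. `trimExplodeStandIn()`, `removeEmptyByRoundTrip()` and `removeEmptyByFilter()` are hypothetical names; the first is a simplified stand-in for `GeneralUtility::trimExplode()` called with its remove-empty flag set.

```php
<?php
// Added illustration; not TYPO3 code. trimExplodeStandIn() is a hypothetical,
// simplified stand-in for GeneralUtility::trimExplode($delim, $string, true):
// split on the delimiter, trim each part, drop empty parts.
function trimExplodeStandIn(string $delim, string $string): array
{
    $parts = array_map('trim', explode($delim, $string));
    return array_values(array_filter($parts, static fn (string $p): bool => $p !== ''));
}

// The pattern from the report: join with ',' and split again to drop empties.
// Any ',' inside a URL becomes a split point as well.
function removeEmptyByRoundTrip(array $urls): array
{
    return trimExplodeStandIn(',', implode(',', $urls));
}

// Delimiter-free alternative: inspect each element and never re-parse the URLs.
// An explicit callback is used because array_filter() without one drops every
// falsy value, including the string "0".
function removeEmptyByFilter(array $urls): array
{
    $trimmed = array_map('trim', $urls);
    return array_values(array_filter($trimmed, static fn (string $u): bool => $u !== ''));
}

// Constructed sample input built around the URL given in the report,
// padded with an empty and a whitespace-only entry.
$redirectUrls = ['', 'http://domain/test/123,343', ' '];

echo "round trip:\n";
var_dump(removeEmptyByRoundTrip($redirectUrls));

echo "per-element filter:\n";
var_dump(removeEmptyByFilter($redirectUrls));
```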
Updated by Gerrit Code Review over 8 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49255
Updated by Gerrit Code Review over 8 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49255
Updated by Gerrit Code Review over 8 years ago
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/49524
Updated by Georg Ringer over 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 7135a800b9da2c5bbec234bac7679831a10332af.