Bug #75915: Unsafe removing of empty redirect urls - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #75915

closed

Unsafe removing of empty redirect urls

Added by Sven Wappler almost 8 years ago. Updated over 5 years ago.

Status:

Closed

Priority:

Must have

Assignee:

Category:

felogin

Target version:

next-patchlevel

Start date:

2016-04-25

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

6.2

PHP Version:

Tags:

felogin

Complexity:

Is Regression:

Sprint Focus:

Description

In class FrontendLoginController in method processRedirect in line 749 an implode and explode is used with a delimiter sign (,) which can be part of the redirect url. This can lead to faulty redirects. My suggestion: Use a sign which cannot be part of an url. Or just maybe the php function array_filter, which removes empty array values.

Problematic location:

// Remove empty values
if (!empty($redirect_url)) {
   return GeneralUtility::trimExplode(',', implode(',', $redirect_url), true);
}

Example:

$redirect_url maybe can be:

$redirect_url = array('http://domain/test/123,343');

'123,343' is a GET parameter.
This would redirect to http://domain/test/123 or 343

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #75915

Unsafe removing of empty redirect urls

Updated by Gerrit Code Review over 7 years ago

Updated by Gerrit Code Review over 7 years ago

Updated by Gerrit Code Review over 7 years ago

Updated by Georg Ringer over 7 years ago

Updated by Benni Mack over 5 years ago