Bug #75915
closed
Unsafe removing of empty redirect urls
Start date:
2016-04-25
Due date:
% Done:
100%
Estimated time:
TYPO3 Version:
6.2
PHP Version:
Tags:
felogin
Complexity:
Is Regression:
No
Sprint Focus:
Description
In class FrontendLoginController, in method processRedirect on line 749, an implode and explode are used with a delimiter sign (,) which can be part of the redirect URL. This can lead to faulty redirects. My suggestion: use a sign which cannot be part of a URL, or maybe just the PHP function array_filter, which removes empty array values.
Problematic location:
// Remove empty values
if (!empty($redirect_url)) {
    return GeneralUtility::trimExplode(',', implode(',', $redirect_url), true);
}
Example:
$redirect_url could be:
$redirect_url = array('http://domain/test/123,343');
'123,343' is a GET parameter.
This would redirect to http://domain/test/123 or 343
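The join-and-split behaviour of the quoted line next to the array_filter suggestion, as an added example that is not part of the original report or of TYPO3's code. `trimExplodeStandIn`, `removeEmptyViaImplode`, `removeEmptyViaFilter` and `inventedTargets` are hypothetical names, and the stand-in only approximates `GeneralUtility::trimExplode` so the script runs without TYPO3.

```php
<?php
// Stand-in for GeneralUtility::trimExplode() (assumption: split, trim, optionally
// drop empty strings), so the example runs without a TYPO3 installation.
function trimExplodeStandIn(string $delimiter, string $string, bool $removeEmpty): array
{
    $parts = array_map('trim', explode($delimiter, $string));
    return $removeEmpty
        ? array_values(array_filter($parts, static fn(string $v): bool => $v !== ''))
        : $parts;
}

// Behaviour of the quoted line: join all candidates on ',' and split on ',' again.
// Any comma inside a URL becomes an element boundary.
function removeEmptyViaImplode(array $redirectUrls): array
{
    return trimExplodeStandIn(',', implode(',', $redirectUrls), true);
}

// Suggestion from the report: drop empty entries element by element, never re-split.
function removeEmptyViaFilter(array $redirectUrls): array
{
    return array_values(array_filter(
        array_map('trim', $redirectUrls),
        static fn(string $url): bool => $url !== ''
    ));
}

// Regression check: a cleanup step must never emit a target that was not an input.
function inventedTargets(array $input, array $output): array
{
    return array_values(array_diff($output, array_map('trim', $input)));
}

// Constructed sample input: one empty candidate plus the URL from the report.
$candidates = ['', 'http://domain/test/123,343'];

foreach (['removeEmptyViaImplode', 'removeEmptyViaFilter'] as $cleanup) {
    $result = $cleanup($candidates);
    printf(
        "%s\n  result:   %s\n  invented: %s\n",
        $cleanup,
        json_encode($result, JSON_UNESCAPED_SLASHES),
        json_encode(inventedTargets($candidates, $result), JSON_UNESCAPED_SLASHES)
    );
}
```

The `inventedTargets` comparison works as a unit-test assertion for any redirect cleanup step: a non-empty result means the step produced a redirect target that no configured source supplied.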