Bug #75915

closed

Unsafe removing of empty redirect urls

Added by Sven Wappler about 8 years ago. Updated almost 6 years ago.

Status: Closed
Priority: Must have
Assignee: -
Category: felogin
Start date: 2016-04-25
% Done: 100%
TYPO3 Version: 6.2
Tags: felogin
Is Regression: No

Description

In class FrontendLoginController, in method processRedirect, on line 749, an implode and explode are used with a delimiter sign (,) which can be part of the redirect URL. This can lead to faulty redirects. My suggestion: Use a sign which cannot be part of a URL. Or maybe just use the PHP function array_filter, which removes empty array values.

Problematic location:

// Remove empty values
if (!empty($redirect_url)) {
   return GeneralUtility::trimExplode(',', implode(',', $redirect_url), true);
}

Example:

$redirect_url could be:

$redirect_url = array('http://domain/test/123,343');

'123,343' is a GET parameter.
This would redirect to http://domain/test/123 or 343
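
The report's case as a runnable comparison, added here as an illustration and not taken from TYPO3 or from the reporter: the implode/explode round trip next to a per-element filter that never re-splits the values. The function names are hypothetical, and trimExplodeStandIn() is a simplified stand-in for GeneralUtility::trimExplode() with empty-value removal enabled, so the script runs without TYPO3.

```php
<?php
declare(strict_types=1);

// Simplified stand-in (assumption) for GeneralUtility::trimExplode($delim, $string, true):
// split on the delimiter, trim every part, drop parts that are the empty string.
function trimExplodeStandIn(string $delim, string $string): array
{
    $parts = array_map('trim', explode($delim, $string));
    return array_values(array_filter($parts, static fn(string $v): bool => $v !== ''));
}

// The pattern quoted in the report: join all candidates with ',' and split again.
// Any comma inside a candidate URL becomes an additional split point.
function removeEmptyByRoundTrip(array $urls): array
{
    return trimExplodeStandIn(',', implode(',', $urls));
}

// Per-element cleanup: each candidate is trimmed and tested on its own, so the
// characters inside a URL are never interpreted as a delimiter.
// The explicit callback matters: array_filter() without one would also drop "0".
function removeEmptyPerElement(array $urls): array
{
    $trimmed = array_map('trim', $urls);
    return array_values(array_filter($trimmed, static fn(string $v): bool => $v !== ''));
}

// Constructed sample input: two empty candidates around the URL from the report.
$redirectUrls = ['', 'http://domain/test/123,343', '   '];

$roundTrip  = removeEmptyByRoundTrip($redirectUrls);
$perElement = removeEmptyPerElement($redirectUrls);

echo 'round trip:  ', count($roundTrip), ' candidate(s) ', json_encode($roundTrip), PHP_EOL;
echo 'per element: ', count($perElement), ' candidate(s) ', json_encode($perElement), PHP_EOL;

// A cleanup step must not change any non-empty candidate; flag it when it does.
foreach ($roundTrip as $candidate) {
    if (!in_array($candidate, $redirectUrls, true)) {
        echo 'altered redirect target: ', $candidate, PHP_EOL;
    }
}
```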
