Bug #82534

Felogin redirect by domain entries referer

Added by Bernhard Eckl about 3 years ago. Updated about 1 month ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2017-09-21
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
7
PHP Version:
7.0
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

There is a bug in the redirect by domain entries. According to the docs it is the same like redirect by referer, but the domain has to be defined in plugin.tx_felogin_pi1.domains. But this was not necessary (nothing changed, no redirect), instead the domain must be defined as a domain record.

In my case I wanted to redirect to a domain called https://intranet.xyz.de (intranet.xyz.de is a totally different server, no TYPO3). For this I had to create a domain record for the domain intranet.xyz.de. If the referer was not in the header, it also works as get parameter. But only if the domain is defined as a domain record.

This is because in felogin/Classes/Controller/FrontendLoginController.php function validateRedirectUrl is called which calls isInLocalDomain and in isInLocalDomain the domain records get checked. Instead it should not check isInLocalDomain but plugin.tx_felogin_pi1.domains.

I would prefer just to define the domain in plugin.tx_felogin_pi1.domains like mentioned in the documentation and no domain records.

#1

Updated by Susanne Moog about 3 years ago

  • Category set to felogin
#2

Updated by Riccardo De Contardi 8 months ago

If I am not totally wrong, this issue could be still present on 9.5.x and should be solved on version 10.4.0-dev (latest master)

(See function processRedirect in EXT:felogin/Classes/Controller/FrontendLoginController.php - lines 840+

                        case 'refererDomains':
                            // Auto redirect.
                            // Feature to redirect to the page where the user came from (HTTP_REFERER).
                            // Allowed domains to redirect to, can be configured with plugin.tx_felogin_pi1.domains
                            // Thanks to plan2.net / Martin Kutschker for implementing this feature.
                            // also avoid redirect when logging in after changing password
                            if (isset($this->conf['domains']) && $this->conf['domains']
                                && (!isset($this->piVars['redirectReferrer']) || $this->piVars['redirectReferrer'] !== 'off')
                            ) {
                                $url = $this->referer;
                                // Is referring url allowed to redirect?
                                $match = [];
                                if (preg_match('#^http://([[:alnum:]._-]+)/#', $url, $match)) {
                                    $redirect_domain = $match[1];
                                    $found = false;
                                    foreach (GeneralUtility::trimExplode(',', $this->conf['domains'], true) as $d) {
                                        if (preg_match('/(?:^|\\.)' . $d . '$/', $redirect_domain)) {
                                            $found = true;
                                            break;
                                        }
                                    }
                                    if (!$found) {
                                        $url = '';
                                    }
                                }
                                // Avoid forced logout, when trying to login immediately after a logout
                                if ($url) {
                                    $redirect_url[] = preg_replace('/[&?]logintype=[a-z]+/', '', $url);
                                }
                            }
                            break;
#3

Updated by Markus Klein about 1 month ago

  • Status changed from New to Closed

Closing due to lack of feedback.

#4

Updated by Bernhard Eckl about 1 month ago

There is no feedback to give. Which info do you need?

Also available in: Atom PDF