Bug #99920
closed
Referer redirect broken after update to 11.5.23
Added by Felix Nagel almost 2 years ago. Updated over 1 year ago.
100%
Description
After updating to TYPO3 11.5.23 the redirect after login with redirectMode configured to "referer" and "login" does no longer work as expected.
When using "redirectFirstMethod" one would expect that the system redirects the user to the page configured in "redirectPageLogin" when no referer is given. This does no longer work. When removing "referer" mode from the list, the user is redirected again.
Downgrading to 11.5.22 fixes the issue.
Files
| Unbenannt.PNG (32 KB) Unbenannt.PNG | Felix Nagel, 2023-02-10 12:42 |
Updated by Georg Ringer almost 2 years ago
- Status changed from New to Accepted
- Is Regression set to No
could you do a git blame to find the faulty commit? that would be amazing!
Updated by Torben Hansen almost 2 years ago
- Assignee set to Torben Hansen
I was on this a few weeks ago and this was introduced with https://review.typo3.org/c/Packages/TYPO3.CMS/+/77204
Updated by Torben Hansen almost 2 years ago
Well, looking at the issue for this commit, the patch actually should fix the (old) HTTP referer bug, which it obviously not does correctly.
The login mode referer redirect check does the following:
1. It checks, if either the attribute referer is defined in GET or POST
2. If not, it falls back to HTTP_REFERER (this is new - and wrong)
Instead, the fix should have been to actually fallback to request->getServerParams()['HTTP_REFERER'] in loginAction, so we are able to handle the HTTP_REFERER to the template, where it afterwards can be processed by the RedirectModeHandler
I'll take care of a patch for this.
Updated by Markus Klein almost 2 years ago
- Related to Bug #91844: felogin Redirect to referer is not working at all with Site config 403 errorHandler added
Updated by Felix Nagel almost 2 years ago
Thanks for checking on this Torben!
I did not have the time yet to really test as Georg asked me to, but afaics this commit should be the problematic one: https://github.com/TYPO3-CMS/felogin/commit/eaff29d4b74628bdb6b67c2de670053c5d8cf70b (same as posted by Torben)
Updated by Torben Hansen almost 2 years ago
Just to make clear, what the problem is: The felogin redirect mode "referer" has been fixed with #91844. This means, having configured settings.redirectMode to referer as shown on the screenshot in this ticket will always perform a redirect on referer basis (since now the HTTP_REFERER is also considered and a HTTP request always should have a HTTP_REFERER).
The actually (new) bug here is, that the HTTP_REFERER is evaluated wrong, when the user did enter the password incorrect. This lead to the situation, that the user will be redirected to the page containing the felogin plugin (HTTP_REFERER for failed extbase validation) instead of the original HTTP_REFERER (page the user got redirected to page with felogin)
Updated by Gerrit Code Review almost 2 years ago
- Status changed from Accepted to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77859
Updated by Gerrit Code Review almost 2 years ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77859
Updated by Gerrit Code Review almost 2 years ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77859
Updated by Felix Nagel almost 2 years ago
When reading your latest comment, I'm not so sure about the bug you described. This ticket is about the fact that using referer redirect breaks the redirect fallback chain.
Before TYPO3 11.5.23, when no referer was given, the next redirect mode was used. In my example screenshot a PID defined in "redirectPageLogin". This does no longer work. The user stays on the login page (the page with the plugin) after being successful logged in instead of being redirected to the "redirectPageLogin" PID.
This is still an issue in TYPO3 11.5.24. Downgrading to 11.5.22 fixes the issue.
I've tested patch set 2 in TYPO3 11 and it does fix the issue! Both, redirect on login and referer redirect on login does work again. Thanks a lot!
Updated by Gerrit Code Review over 1 year ago
Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77969
Updated by Torben Hansen over 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 8085e538dd013a09faa2198d49078804a9f1f96f.
Updated by Gerrit Code Review over 1 year ago
- Status changed from Resolved to Under Review
Patch set 2 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77969
Updated by Gerrit Code Review over 1 year ago
Patch set 3 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77969
Updated by Gerrit Code Review over 1 year ago
Patch set 4 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77969
Updated by Torben Hansen over 1 year ago
- Status changed from Under Review to Resolved
Applied in changeset 3957bfa74e75a11722426cc439bfd7746255acfd.
Updated by 
Updated by Markus Klein over 1 year ago
- Related to Bug #100715: felogin redirect mode by http referer is not working added