Bug #19523

Updated by Helmut Hummel over 3 years ago

The redirect_url parameter in the felogin extension is not filtered by htmlspecialchars.

I have tested this on a freshly installed Typo3 4.2.2 without any third-party extensions.
Simply create a login form and call the login page, e.g. with this URL:


"login" is the alias of the login page

Note: In some cases the server configuration can prevent this issue.

(issue imported from #M9673)