[Typo3-dev] security suggestion for tipafriend ext
Chi Hoang
hoang at planb-media.de
Wed Jun 9 09:50:15 CEST 2004
Thorsten Kahler wrote:
> You can set $GLOBALS['TSFE']->jumpurl to redirect to the value of
> jumpurl. It's used _after_ page generation to send a header('Location:
> somewhere') where appropriate.
>
> So you can determine in main_tipafriend() if
> $this->piVars['something'] is set. If it's set you can write some
> values to the fe_user session (which is not possible if you use
> header('Location: somewhere') in you extension code!) and set the
> jumpurl value to "somewhere".
I didnt know. Maybe you can fix that hole then? Thanks,
Greets,
Chi
More information about the TYPO3-dev
mailing list