[TYPO3-dev] jumpurl generally insecure?

[Andreas Kiessling]

Hi,
>
> Philipp Gampe wrote:
>> config.jumpurl_enable = 0
> 
> You provide a direct solution, thus there is no reason for Marc to learn :(
> 

Searching for 'jumpurl_enable' in the source of 4.5 only shows results
in tslib_content. So this setting only affects links that are generated
through some typolink function, but not when tslib_fe is handling the param.

What should work, is unsetting $_GET['jumpurl'] in your localconf.php


Regards,
Andreas