[TYPO3-core] RFC: #11396: redirects not working for felogin on pages with access set
Ernesto Baschny [cron IT]
ernst at cron-it.de
Tue Sep 8 19:06:12 CEST 2009
Hi,
haven't tested the patch, but setting ###ACTION_URI### to a string which
might potentially come (unchecked!) from a GET parameter can be pretty
dangerous. There is already code doing that in felogin, AFAIK, so this
has to be checked anyway.
Cheers,
Ernesto
David Slayback schrieb:
> This is an SVN patch request.
>
> Type: Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=11396
>
> Branches: TYPO3_4-3, trunk
>
> Problem:
> If you login on a page that has "Hide when login" access restricted, any
> redirectAtLogin settings do not work. If you logout on a page that has
> "Show at any login" access restricted, then redirectAtLogout setting
> does not work.
>
> Solution:
> This handles the cases of login and logout by setting the redirect_url
> correctly.
>
>
> -Dave Slayback
>
More information about the TYPO3-team-core
mailing list