[TYPO3-core] RFC: #15280: felogin redirect doesn't work anymore after update to latest releases (4.2x - 4.4.x)
Helmut Hummel
helmut at typo3.org
Mon Aug 2 16:51:31 CEST 2010
Hi Jigal,
thanks a lot for your review!
On 02.08.2010 10:42, Jigal van Hemert wrote:
> Helmut Hummel wrote:
>> Bugtracker references:
>> http://bugs.typo3.org/view.php?id=15280
>
> -1 by reading on:
>
>     $localDomains = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
>         'domainName',
>         'sys_domain',
>         $this->cObj->enableFields('sys_domain')
>     );
>
> enableFields() returns an extra part of the WHERE clause and this starts
> with ' AND'.
> exec_SELECTgetRows() (and other functions in t3lib_db) will concatenate
> this to ' WHERE ', resulting in:
> ... WHERE AND ....
> This will result in a syntax error in MySQL.
You're completely right. Sorry about that.
> (1) Can you supply a "How to test" recipe?
1. Configure a working login box on a page and optionally some domain records
2. Pass a redirect_url parameter to that page
   (e.g. http://host.tld/index.php?id=3&redirect_url=index.php?id=4)
3. Check if the redirect_url is present in the hidden field of the login form

The following URLs need to be accepted:
1. relative URLs (index.php or /index.php)
2. absolute URLs of the same host
   (http://host.tld/index.php?id=3&redirect_url=http://host.tld/index.php?id=4)
3. absolute URLs with the host (and first path part if domain records are configured like this) found in sys_domains.

The following URLs must not be accepted:
1. URLs with no host and scheme, but a leading slash, where the first part of the path is not identical to the current path (This should prevent redirects outside of the current TYPO3 installation, if the current installation is located in a subdirectory, e.g.: http://hoster.tld/cms1/)
> (2) Shouldn't we use t3lib_div::isFirstPartofStr() according to CGL?
>     // If the relative URL starts with a slash, we need to check if it's within the current site path
>     return (strpos($parsedUrl['path'], '/') !== 0 || strpos($parsedUrl['path'], t3lib_div::getIndpEnv('TYPO3_SITE_PATH')) === 0);
I also thought about this. I will check.
> (3) The following check works, but it takes some time to figure out the
> meaning:
>     if (stripos($host. $path . '/', rtrim($domainName, '/') . '/') === 0) {
> A more readable approach to compare could be a substr-part; this is not
> very essential to this patch
I'll check this. I also had another idea how to solve this...
Regards Helmut
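
The accept/reject rules from the test recipe above, written out as one stand-alone check. This is an added example, not part of the mail or of the felogin patch; the function name, its parameters and the sample values are assumptions, with `$sitePath` standing in for `TYPO3_SITE_PATH` and `$domains` for the `domainName` values read from `sys_domain`.

```php
<?php
// Added example, not the felogin code. All names are hypothetical:
// $currentHost = request host, $sitePath = TYPO3_SITE_PATH, $domains = sys_domain.domainName values.
function isAllowedRedirectUrl(string $url, string $currentHost, string $sitePath, array $domains): bool
{
    // Extra strictness beyond the rules in the mail: no backslashes, CR, LF or tabs.
    if ($url === '' || strpbrk($url, "\\\r\n\t") !== false) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    $path = $parts['path'] ?? '';
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        // Relative URL. A leading slash is only accepted inside the site path,
        // so /cms2/ is refused when this installation lives in /cms1/.
        return strpos($path, '/') !== 0 || strpos($path, $sitePath) === 0;
    }
    // Absolute URL. Assumption added here: only http and https with an explicit host
    // are redirect targets, which also refuses scheme-less //host/ forms.
    $scheme = strtolower($parts['scheme'] ?? '');
    if (!isset($parts['host']) || ($scheme !== 'http' && $scheme !== 'https')) {
        return false;
    }
    $host = $parts['host'];
    if (strcasecmp($host, $currentHost) === 0) {
        return true; // same host as the current request
    }
    foreach ($domains as $domainName) {
        // The trailing slash on both sides keeps host.tld from matching host.tld.example
        // and lets a record such as other.tld/cms1 require that first path part.
        if (stripos($host . $path . '/', rtrim($domainName, '/') . '/') === 0) {
            return true;
        }
    }
    return false;
}

// Constructed sample input: installation in /cms1/ on host.tld, two domain records.
$domains = ['host.tld', 'other.tld/cms1'];
$samples = [
    'index.php?id=4',                    // relative URL
    '/cms1/index.php?id=4',              // leading slash, inside the site path
    '/cms2/index.php',                   // leading slash, outside the site path
    'http://host.tld/index.php?id=4',    // absolute URL, same host
    'http://other.tld/cms1/index.php',   // host and first path part in a domain record
    'http://other.tld/cms2/index.php',   // host known, path part not in the record
    'http://host.tld.example/index.php', // host only shares a prefix with a record
];
foreach ($samples as $url) {
    printf("%-40s %s\n", $url, isAllowedRedirectUrl($url, 'host.tld', '/cms1/', $domains) ? 'accepted' : 'rejected');
}
```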