[TYPO3-core] RFC: #15280: felogin redirect doesn't work anymore after update to latest releases (4.2x - 4.4.x)
Oliver Klee
typo3-german-02 at oliverklee.de
Mon Aug 2 17:31:25 CEST 2010
Hi,

On 02.08.2010 16:51, Helmut Hummel wrote:
> The following URLs need to be accepted:
> 1. relative URLs (index.php or /index.php)
> 2. absolute URLs of the same host
> (http://host.tld/index.php?id=3&redirect_url=http://host.tld/index.php?id=4)
>
> 3. absolute URLs with the host (and first path part if domain records are
> configured like this) found in sys_domains.
>
> The following URLs must not be accepted:
> 1. URLs with no host and scheme, but a leading slash, where the first
> part of the path is not identical to the current path (this should
> prevent redirecting outside of the current TYPO3 installation if the
> current installation is located in a subdirectory, e.g.
> http://hoster.tld/cms1/)

I strongly recommend putting this in unit tests. This will make testing a
lot quicker, and it will also prevent regressions in the future.

Oli
--
Certified TYPO3 Integrator | TYPO3 Security Team Member
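
The acceptance rules quoted above, written as a validator with a case table in the spirit of the unit tests suggested in the reply. This is an added example, not TYPO3's felogin code and not from either author; the function name, its parameters and the "host.tld/firstpart" notation for domain records are assumptions.

```php
<?php
// Added example with hypothetical names, not TYPO3 code. $host: current request host
// without port; $sitePath: "/" or "/cms1/"; $domains: "host.tld" or "host.tld/firstpart".
function isAllowedRedirectUrl(string $url, string $host, string $sitePath, array $domains): bool
{
    $parts = parse_url($url);
    if ($url === '' || $parts === false) {
        return false;
    }
    $urlHost = strtolower($parts['host'] ?? '');
    $path = $parts['path'] ?? '';
    if ($urlHost === '') {
        if (isset($parts['scheme'])) {
            return false; // a scheme without a host is not a page of this site
        }
        // Relative URL: with a leading slash it must stay below the installation path.
        return $path === '' || $path[0] !== '/' || strpos($path, $sitePath) === 0;
    }
    // Absolute URL: http(s) only, then the same host or a configured domain record
    // (host plus optional first path part).
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return false;
    }
    foreach (array_merge([$host], $domains) as $record) {
        [$recHost, $recPath] = array_pad(explode('/', rtrim($record, '/'), 2), 2, '');
        $inPath = $recPath === '' || strpos($path . '/', '/' . $recPath . '/') === 0;
        if ($urlHost === strtolower($recHost) && $inPath) {
            return true;
        }
    }
    return false;
}

// Constructed cases following the two lists in the mail; hosts are placeholders.
$domains = ['host.tld', 'shop.example/en'];
$cases = [ // [url, current host, site path, expected]
    ['index.php', 'host.tld', '/', true],
    ['/index.php', 'host.tld', '/', true],
    ['http://host.tld/index.php?id=3&redirect_url=http://host.tld/index.php?id=4', 'host.tld', '/', true],
    ['http://shop.example/en/index.php?id=4', 'host.tld', '/', true],
    ['http://shop.example/de/index.php?id=4', 'host.tld', '/', false],
    ['/cms1/index.php', 'hoster.tld', '/cms1/', true],
    ['/cms2/index.php', 'hoster.tld', '/cms1/', false],
];
foreach ($cases as [$url, $host, $sitePath, $expected]) {
    if (isAllowedRedirectUrl($url, $host, $sitePath, $domains) !== $expected) {
        throw new RuntimeException("unexpected result for $url");
    }
}
echo "all cases pass\n";
```

Paths are compared as given, so the caller should pass an already normalised URL.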