[TYPO3-core] RFC: #15280: felogin redirect doesn't work anymore after update to latest releases (4.2x - 4.4.x)

Oliver Klee typo3-german-02 at oliverklee.de
Mon Aug 2 17:31:25 CEST 2010


Hi,

On 02.08.2010 16:51, Helmut Hummel wrote:
> The following URLs need to be accepted:
> 1. relative URLs (index.php or /index.php)
> 2. absolute URLs of the same host
> (http://host.tld/index.php?id=3&redirect_url=http://host.tld/index.php?id=4)
> 
> 3. absolute URLs with the host (and first path part if domain records are
> configured like this) found in sys_domains.
> 
> The following URLs must not be accepted:
> 1. URLs with no host and scheme, but a leading slash, where the first
> part of the path is not identical to the current path (this should
> prevent redirects outside of the current TYPO3 installation, if the
> current installation is located in a subdirectory, e.g.:
> http://hoster.tld/cms1/)

I strongly recommend putting this in unit tests. This will make testing a
lot quicker, and it will also prevent regressions in the future.


Oli
-- 
Certified TYPO3 Integrator | TYPO3 Security Team Member
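
The accept/reject rules quoted above, written as a validator with a table of test cases, as an added example that is not part of the original mail and not TYPO3 core code. The function name, its parameters and the sample hosts other than hoster.tld are assumptions; the array of domains stands in for the sys_domain records.

```php
<?php
// Added illustration, not TYPO3 core code. The function name and parameters are
// hypothetical; $allowedDomains stands in for the sys_domain records.
function isAllowedRedirectUrl(string $url, string $currentHost, string $sitePath, array $allowedDomains): bool
{
    $parts = parse_url($url) ?: []; // unparsable input falls through to "reject"
    $path = $parts['path'] ?? '';
    if (isset($parts['host'])) {
        // Absolute URL: http(s) only, host must be the current one or a configured domain.
        if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            return false;
        }
        $host = strtolower($parts['host']);
        if ($host === strtolower($currentHost)) {
            return true;
        }
        foreach ($allowedDomains as $domain) {
            // A domain record may carry a first path part, e.g. "other.tld/site2".
            [$domainHost, $domainPath] = array_pad(explode('/', rtrim(strtolower($domain), '/'), 2), 2, '');
            if ($host === $domainHost && ($domainPath === '' || strpos($path . '/', "/$domainPath/") === 0)) {
                return true;
            }
        }
        return false;
    }
    if (isset($parts['scheme'])) {
        return false; // a scheme without a host (e.g. "mailto:") is not a redirect target
    }
    if ($path !== '' && $path[0] === '/') {
        // Leading slash: the path must stay below the current installation.
        return strpos($path, $sitePath) === 0;
    }
    return $path !== '' || isset($parts['query']); // plain relative URL such as "index.php"
}

// Constructed cases for an installation at http://hoster.tld/cms1/ (sample data).
$cases = [
    'index.php' => true,
    '/cms1/index.php?id=4' => true,
    'http://hoster.tld/cms1/index.php?id=3' => true,
    'http://other.tld/site2/index.php' => true,
    '/cms2/index.php' => false,
    'http://other.tld/elsewhere/index.php' => false,
];
foreach ($cases as $url => $expected) {
    if (isAllowedRedirectUrl($url, 'hoster.tld', '/cms1/', ['other.tld/site2']) !== $expected) {
        throw new RuntimeException("unexpected result for $url");
    }
}
echo "all redirect URL cases passed\n";
```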

