[SECURITY] Open redirection with jumpurl
jumpurl allows redirect to any given URL. A hash on the url is now required to know if the jumpurl has been created by the system or by the outside. The hook "jumpurlRedirectHandler" can be used to allow redirects without hash or to custom redirects.

Fixes: #28587
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Change-Id: I63da18b1963ec50cd95dd49d1669c9873b7bab54
Security-Commit: ad62088840f78ed3947cfb9b66ef20d6d9760b69
Security-Bulletin: TYPO3-CORE-SA-2013-001
Reviewed-on: https://review.typo3.org/18734
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
Showing
- typo3/sysext/core/Classes/Utility/GeneralUtility.php (7 additions, 5 deletions)
- typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php (16 additions, 4 deletions)
- typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php (23 additions, 1 deletion)
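
The commit message describes requiring a hash on the redirect target so the system can tell its own links from externally crafted ones, with a hook for approved exceptions. The sketch below is an added example of that pattern, not code from this commit or from TYPO3: every function name, the `hash` parameter name, the secret, and the callback standing in for the hook are assumptions.

```php
<?php
// Added illustration, not TYPO3 code. All names below are hypothetical.

// Constructed sample secret; a real system would use its configured private key.
const EXAMPLE_SECRET = 'constructed-sample-secret';

/** HMAC that binds a redirect target to the system that generated the link. */
function exampleJumpHash(string $target): string
{
    return hash_hmac('sha256', $target, EXAMPLE_SECRET);
}

/** Build a link that carries the target and its hash (done when rendering). */
function exampleBuildJumpLink(string $target): string
{
    return '/index.php?' . http_build_query([
        'jumpurl' => $target,
        'hash' => exampleJumpHash($target),
    ]);
}

/**
 * Return the target if the request may be redirected, or null to refuse.
 * $allowUnsigned stands in for a hook that approves targets without a hash.
 */
function exampleResolveJump(array $query, ?callable $allowUnsigned = null): ?string
{
    $target = $query['jumpurl'] ?? null;
    if (!is_string($target) || $target === '') {
        return null;
    }
    $hash = $query['hash'] ?? '';
    // Constant-time comparison; non-string input such as hash[]=x is rejected.
    if (is_string($hash) && hash_equals(exampleJumpHash($target), $hash)) {
        return $target;
    }
    if ($allowUnsigned !== null && $allowUnsigned($target) === true) {
        return $target;
    }
    return null; // unsigned and not approved: do not redirect
}

// Constructed requests: a system-generated link, a forged one, a hook-approved one.
parse_str(parse_url(exampleBuildJumpLink('https://example.org/docs'), PHP_URL_QUERY), $signed);
$forged = ['jumpurl' => 'https://attacker.example/', 'hash' => str_repeat('0', 64)];
// Hook stand-in: local paths only, excluding "//host" and "/\host" forms.
$localOnly = function (string $t): bool { return preg_match('#^/[^/\\\\]#', $t) === 1; };

var_dump(exampleResolveJump($signed));
var_dump(exampleResolveJump($forged));
var_dump(exampleResolveJump(['jumpurl' => '/contact'], $localOnly));
```

Only the signed request and the hook-approved local path yield a target; the forged request resolves to null and is not redirected.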