From 8d52092a428eddf138043197f0e1e90330a7f00b Mon Sep 17 00:00:00 2001
From: Torben Hansen <derhansen@gmail.com>
Date: Sun, 19 Mar 2023 18:59:36 +0100
Subject: [PATCH] [TASK] Optimize referer evaluation in ext:felogin

The redirect evaluation is currently always processed no matter if
a `redirectMode` based on the referer is configured or not. Also, given
referers are checked for validity using `RedirectUrlValidator`, which
logs a message in the TYPO3 log with the log level `warning` if the given
URL is considered as invalid.

This patch adds a check to the referer evaluation so that it is only processed
if a redirect mode that uses the referer is active. Additionally, the log
level for invalid redirect URLs in `RedirectUrlValidator` is changed to
`debug`, since a warning is not appropriate for invalid redirect URLs.

Resolves: #100197
Releases: main, 11.5
Signed-off-by: Torben Hansen <derhansen@gmail.com>
Change-Id: I10d1723de131e0387f7dd2103c8a1ca21ed015e5
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78733
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
---
 .../Classes/Controller/LoginController.php       | 16 ++++++++++++++++
 .../Classes/Validation/RedirectUrlValidator.php  |  2 +-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/typo3/sysext/felogin/Classes/Controller/LoginController.php b/typo3/sysext/felogin/Classes/Controller/LoginController.php
index 941ab8f97b63..64ba1d194ec3 100644
--- a/typo3/sysext/felogin/Classes/Controller/LoginController.php
+++ b/typo3/sysext/felogin/Classes/Controller/LoginController.php
@@ -31,6 +31,7 @@ use TYPO3\CMS\FrontendLogin\Event\LoginErrorOccurredEvent;
 use TYPO3\CMS\FrontendLogin\Event\LogoutConfirmedEvent;
 use TYPO3\CMS\FrontendLogin\Event\ModifyLoginFormViewEvent;
 use TYPO3\CMS\FrontendLogin\Redirect\RedirectHandler;
+use TYPO3\CMS\FrontendLogin\Redirect\RedirectMode;
 use TYPO3\CMS\FrontendLogin\Redirect\ServerRequestHandler;
 use TYPO3\CMS\FrontendLogin\Service\UserService;
 use TYPO3\CMS\FrontendLogin\Validation\RedirectUrlValidator;
@@ -231,6 +232,11 @@ class LoginController extends AbstractLoginFormController
      */
     protected function getRefererForLoginForm(): string
     {
+        // Early return, if redirectMode is not configured to respect the referer
+        if (!$this->isRefererRedirectEnabled()) {
+            return '';
+        }
+
         $referer = (string)(
             $this->request->getParsedBody()['referer'] ??
             $this->request->getQueryParams()['referer'] ??
@@ -293,6 +299,16 @@ class LoginController extends AbstractLoginFormController
                || $GLOBALS['TYPO3_CONF_VARS']['FE']['lifetime'] === 0;
     }
 
+    /**
+     * Returns, if redirect based on the referer is enabled
+     */
+    protected function isRefererRedirectEnabled(): bool
+    {
+        $refererRedirectModes = [RedirectMode::REFERER, RedirectMode::REFERER_DOMAINS];
+        $configuredRedirectModes = GeneralUtility::trimExplode(',', $this->settings['redirectMode'] ?? '');
+        return count(array_intersect($configuredRedirectModes, $refererRedirectModes)) > 0;
+    }
+
     /**
      * Redirect to overview on login successful and setting showLogoutFormAfterLogin disabled
      */
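Review bot: The docblock added for isRefererRedirectEnabled ("Returns, if redirect based on the referer is enabled") is awkward and does not say what the method inspects; consider `Returns whether a referer-based redirect mode (REFERER or REFERER_DOMAINS) is configured in the comma-separated redirectMode setting.` The final line could drop the count call and read `return array_intersect($configuredRedirectModes, $refererRedirectModes) !== [];`. Note that array_intersect compares by string cast, so this presumably relies on RedirectMode::REFERER and RedirectMode::REFERER_DOMAINS being string constants matching the values in settings; the hunk does not show their declaration.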
diff --git a/typo3/sysext/felogin/Classes/Validation/RedirectUrlValidator.php b/typo3/sysext/felogin/Classes/Validation/RedirectUrlValidator.php
index 83e04cef3584..311bbe87e45c 100644
--- a/typo3/sysext/felogin/Classes/Validation/RedirectUrlValidator.php
+++ b/typo3/sysext/felogin/Classes/Validation/RedirectUrlValidator.php
@@ -55,7 +55,7 @@ class RedirectUrlValidator implements LoggerAwareInterface
             return true;
         }
         // URL is not allowed
-        $this->logger->warning('Url "{url}" was not accepted.', ['url' => $value]);
+        $this->logger->debug('Url "{url}" was not accepted.', ['url' => $value]);
         return false;
     }
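Review bot: Lowering the rejection log from `warning` to `debug` may remove the only default-level trace of a redirect target that RedirectUrlValidator refused, and with the new early return in LoginController::getRefererForLoginForm the remaining rejections presumably come from an explicitly supplied referer parameter rather than from background evaluation, which is the case an operator would want to see when reviewing redirect abuse attempts. Consider `$this->logger->notice('Url "{url}" was not accepted.', ['url' => $value]);` as a middle ground, or keep `debug` and state in the class docblock that rejected URLs are logged only at debug level so operators know to raise the level when investigating. The enclosing method starts outside the hunk.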
 
-- 
GitLab