Fixed bug #13137: redirect/returnUrl isn't validated in core (thanks to Georg Ringer...
[Packages/TYPO3.CMS.git] / typo3 / file_newfolder.php
index aa392cb..cc011a5 100644 (file)
@@ -120,7 +120,7 @@ class SC_file_newfolder {
                        // Initialize GPvars:
                $this->number = t3lib_div::_GP('number');
                $this->target = t3lib_div::_GP('target');
-               $this->returnUrl = t3lib_div::_GP('returnUrl');
+               $this->returnUrl = t3lib_div::sanitizeLocalUrl(t3lib_div::_GP('returnUrl'));
 
                        // Init basic-file-functions object:
                $this->basicff = t3lib_div::makeInstance('t3lib_basicFileFunctions');