Fixed bug #13137: redirect/returnUrl isn't validated in core (thanks to Georg Ringer...
[Packages/TYPO3.CMS.git] / typo3 / index.php
index 44a0c5b..841c001 100644 (file)
@@ -121,7 +121,7 @@ class SC_index {
                        // We need a PHP session session for most login levels
                session_start();
 
-               $this->redirect_url = t3lib_div::_GP('redirect_url');
+               $this->redirect_url = t3lib_div::sanitizeLocalUrl(t3lib_div::_GP('redirect_url'));
                $this->GPinterface = t3lib_div::_GP('interface');
 
                        // Grabbing preset username and password, for security reasons this feature only works if SSL is used