Fixed bug #13137: redirect/returnUrl isn't validated in core (thanks to Georg Ringer...
[Packages/TYPO3.CMS.git] / typo3 / tce_db.php
index d05841c..e0d96fa 100644 (file)
@@ -117,7 +117,7 @@ class SC_tce_db {
                $this->cmd = t3lib_div::_GP('cmd');
                $this->mirror = t3lib_div::_GP('mirror');
                $this->cacheCmd = t3lib_div::_GP('cacheCmd');
-               $this->redirect = t3lib_div::_GP('redirect');
+               $this->redirect = t3lib_div::sanitizeLocalUrl(t3lib_div::_GP('redirect'));
                $this->prErr = t3lib_div::_GP('prErr');
                $this->_disableRTE = t3lib_div::_GP('_disableRTE');
                $this->CB = t3lib_div::_GP('CB');