Fixed bug #13137: redirect/returnUrl isn't validated in core (thanks to Georg Ringer...
[Packages/TYPO3.CMS.git] / typo3 / template.php
index 01d1bf8..f191579 100644 (file)
@@ -598,7 +598,7 @@ class template {
                ));
 
                $out ="
-       var T3_RETURN_URL = '".str_replace('%20','',rawurlencode(t3lib_div::_GP('returnUrl')))."';
+       var T3_RETURN_URL = '".str_replace('%20','',rawurlencode(t3lib_div::sanitizeLocalUrl(t3lib_div::_GP('returnUrl'))))."';
        var T3_THIS_LOCATION = '".str_replace('%20','',rawurlencode($thisLocation))."';
                ";
                return $out;
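Review bot: On the new `T3_RETURN_URL` line the `%20` removal still runs after `sanitizeLocalUrl()`, so the string that client-side code later decodes is not necessarily the string that was validated. Validation should be the last transformation applied to the value: normalise first with `$returnUrl = t3lib_div::sanitizeLocalUrl(str_replace(' ', '', t3lib_div::_GP('returnUrl')));` and then emit `rawurlencode($returnUrl)` without the outer `str_replace`. Whether `sanitizeLocalUrl()` already rejects values containing spaces is not visible here, so this may turn out to be defence in depth rather than an open gap. The enclosing method begins and ends outside the hunk, and `$thisLocation` on the following line is built there and goes through the same strip-after-encode pattern, so it is worth confirming that it is not derived from request input.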