[SECURITY] Open redirection with jumpurl 32/18732/2
authorFranz G. Jahn <franzjahn@cron-it.de>
Wed, 6 Mar 2013 10:49:12 +0000 (11:49 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 6 Mar 2013 10:49:15 +0000 (11:49 +0100)
commitc6f0f43560cf2ffc38f236edc354169ceb0b633c
treeee33c14ff1e18d7393299f20f4ea3354e8fb2ef9
parentd62550e9d1332ceaa263b9bda14cd3e20839aa30
[SECURITY] Open redirection with jumpurl

jumpurl allows redirect to any given URL. A hash on the url
is now required to know if the jumpurl has been created
by the system or by the outside.

The hook "jumpurlRedirectHandler" can be used to allow
redirects without hash or to custom redirects.

Fixes: #28587
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Change-Id: I63da18b1963ec50cd95dd49d1669c9873b7bab54
Security-Commit: db8748be003fdbd7fd179c239dd3dc92543e90bf
Security-Bulletin: TYPO3-CORE-SA-2013-001
Reviewed-on: https://review.typo3.org/18732
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php