[SECURITY] Open redirection with jumpurl 34/18734/2
authorFranz G. Jahn <franzjahn@cron-it.de>
Wed, 6 Mar 2013 10:49:25 +0000 (11:49 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 6 Mar 2013 10:49:27 +0000 (11:49 +0100)
commit62a17a28d9006d444c9cddb3c7dbc5589ad465bb
tree66d216f283b8b2e1ecb49c3ac54718bf1f301420
parent036ed56da4e30ad1846beeed95c8abdb573bbdfd
[SECURITY] Open redirection with jumpurl

jumpurl allows redirect to any given URL. A hash on the url
is now required to know if the jumpurl has been created
by the system or by the outside.

The hook "jumpurlRedirectHandler" can be used to allow
redirects without hash or to custom redirects.

Fixes: #28587
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Change-Id: I63da18b1963ec50cd95dd49d1669c9873b7bab54
Security-Commit: ad62088840f78ed3947cfb9b66ef20d6d9760b69
Security-Bulletin: TYPO3-CORE-SA-2013-001
Reviewed-on: https://review.typo3.org/18734
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php