[SECURITY] Open redirection with jumpurl 27/18727/2
authorFranz G. Jahn <franzjahn@cron-it.de>
Wed, 6 Mar 2013 10:48:37 +0000 (11:48 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 6 Mar 2013 10:48:41 +0000 (11:48 +0100)
commit71135d82ccb74b3ccf8673ce197cd8c4340d5163
treea33e7c8fd75eaf872e588294840325e0c02e92a3
parent0d77b8620eaebe216fdddf996367d219fe28fc99
[SECURITY] Open redirection with jumpurl

jumpurl allows redirect to any given URL. A hash on the url
is now required to know if the jumpurl has been created
by the system or by the outside.

The hook "jumpurlRedirectHandler" can be used to allow
redirects without hash or to custom redirects.

Fixes: #28587
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Change-Id: I63da18b1963ec50cd95dd49d1669c9873b7bab54
Security-Commit: 3c9774e15f7e0873addd48688be44110d1eccbb7
Security-Bulletin: TYPO3-CORE-SA-2013-001
Reviewed-on: https://review.typo3.org/18727
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_div.php
typo3/sysext/cms/tslib/class.tslib_content.php
typo3/sysext/cms/tslib/class.tslib_fe.php