[SECURITY] Fix GeneralUtility::sanitizeLocalUrl to detect foreign schemes 21/43121/2
authorNicole Cordes <typo3@cordes.co>
Tue, 8 Sep 2015 08:57:47 +0000 (10:57 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 8 Sep 2015 08:57:58 +0000 (10:57 +0200)
commitf6d8d3dceaad314ab9f51af76dd955275e57fa3d
tree9ddfadbf9a5d978fcd5224524fa191a5d00676e7
parented1e46f89c8e5f699ced245e873d0eff21e5c75e
[SECURITY] Fix GeneralUtility::sanitizeLocalUrl to detect foreign schemes

This patch adds a check to be able to recognize arbitrary schemes which
have to be skipped.

Resolves: #68825
Releases: master, 6.2
Security-Bulletin: TYPO3-CORE-SA-2015-009
Change-Id: I9f98c5730f255f9cb391f0d716457b56e5c3c3a3
Reviewed-on: http://review.typo3.org/43121
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php