[BUGFIX] Ignore non-integer values for type in redirects 37/35037/3
authorBjörn Fromme <mail@bjo3rn.com>
Thu, 4 Dec 2014 13:48:16 +0000 (14:48 +0100)
committerMarkus Klein <klein.t3@reelworx.at>
Thu, 4 Dec 2014 20:44:00 +0000 (21:44 +0100)
For redirects the parameter for page type is not validated as integer
resulting in invalid redirect urls. This patch checks for a valid integer
value and ignores it silently otherwise.

Resolves: #62527
Releases: master, 6.2
Change-Id: I9fd4564a3e4e13e4d64e27e090221e71edf06ae9
Reviewed-on: http://review.typo3.org/35037
Reviewed-by: Cedric Ziel <cedric@cedric-ziel.com>
Tested-by: Cedric Ziel <cedric@cedric-ziel.com>
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php

index 3626fbe..de06c49 100644 (file)
@@ -17,6 +17,7 @@ namespace TYPO3\CMS\Frontend\Controller;
 use TYPO3\CMS\Core\Error\Http\PageNotFoundException;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
 use TYPO3\CMS\Core\Utility\HttpUtility;
+use TYPO3\CMS\Core\Utility\MathUtility;
 use TYPO3\CMS\Frontend\Page\PageRepository;
 
 /**
@@ -3020,7 +3021,7 @@ class TypoScriptFrontendController {
                $cObj = GeneralUtility::makeInstance(\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::class);
                $parameter = $this->page['uid'];
                $type = GeneralUtility::_GET('type');
-               if ($type) {
+               if ($type && MathUtility::canBeInterpretedAsInteger($type)) {
                        $parameter .= ',' . $type;
                }
                $redirectUrl = $cObj->typoLink_URL(array('parameter' => $parameter));