[BUGFIX] Ensure redirectUrl is a string 95/59795/2
authorAndreas Wolf <dev@a-w.io>
Sun, 24 Feb 2019 15:51:25 +0000 (16:51 +0100)
committerFrank Naegler <frank.naegler@typo3.org>
Fri, 1 Mar 2019 14:57:41 +0000 (15:57 +0100)
Change-Id: I69837c58e8d31eaa094748c55e27b862d501455c
Resolves: #87775
Releases: master
Reviewed-on: https://review.typo3.org/c/59795
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php

index 89b2a31..525be79 100644 (file)
@@ -77,7 +77,7 @@ class FrontendLoginController extends AbstractPlugin
      *
      * @var string
      */
-    protected $redirectUrl;
+    protected $redirectUrl = '';
 
     /**
      * Flag for disable the redirect
@@ -150,14 +150,14 @@ class FrontendLoginController extends AbstractPlugin
         // GPvars:
         $this->logintype = GeneralUtility::_GP('logintype');
 
-        if ($this->urlValidator->isValid(GeneralUtility::_GP('referer'))) {
+        if ($this->urlValidator->isValid((string)GeneralUtility::_GP('referer'))) {
             $this->referer = GeneralUtility::_GP('referer');
         } else {
             $this->referer = '';
         }
         $this->noRedirect = $this->piVars['noredirect'] || $this->conf['redirectDisable'];
         // If config.typolinkLinkAccessRestrictedPages is set, the var is return_url
-        $this->redirectUrl = GeneralUtility::_GP('return_url') ?: GeneralUtility::_GP('redirect_url');
+        $this->redirectUrl = GeneralUtility::_GP('return_url') ?: (string)GeneralUtility::_GP('redirect_url');
         $this->redirectUrl = $this->urlValidator->isValid($this->redirectUrl) ? $this->redirectUrl : '';
         // Get Template
         $templateFile = $this->conf['templateFile'] ?: 'EXT:felogin/Resources/Private/Templates/FrontendLogin.html';