[BUGFIX] Fix unsafe URL removal in EXT:felogin 24/49524/2
authorGeorg Ringer <georg.ringer@gmail.com>
Thu, 28 Jul 2016 16:01:48 +0000 (18:01 +0200)
committerBenni Mack <benni@typo3.org>
Sun, 21 Aug 2016 16:48:59 +0000 (18:48 +0200)
A comma can be a valid char inside a url and must not used as
delimiter.

Resolves: #75915
Releases: master, 7.6
Change-Id: I0eb3c6389b5d28e96b981217d09c2fef5dbf331d
Reviewed-on: https://review.typo3.org/49524
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php

index 42fbfe4..e2a603c 100644 (file)
@@ -756,9 +756,9 @@ class FrontendLoginController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin
                 }
             }
         }
-        // Remove empty values
+        // Remove empty values, but keep "0" as value (that's why "strlen" is used as second parameter)
         if (!empty($redirect_url)) {
-            return GeneralUtility::trimExplode(',', implode(',', $redirect_url), true);
+            return array_filter($redirect_url, 'strlen');
         }
         return array();
     }