Item10064: redirectto in Rename broken since 1.1

Priority: Urgent
Current State: Closed
Released In: 1.1.3
Target Release: patch
Applies To: Engine
Component:
Branches:
Reported By: OliverKrueger
Waiting For: OliverKrueger
Last Change By: KennethLavrsen

While comparing a 1.0.9 and a 1.1.2 installation, I discovered that the redirectto url param is not working anymore.

Looking at Foswiki::UI::Rename::rename() makes me think that it's not handled at all.

Unless somebody points me to some code deeper in the core, which takes care of that, I will add some code directly in UI::Rename.

-- OliverKrueger - 22 Nov 2010

We are experiencing the same problem here. No redirect on rename. Once in 1.0.9 working wiki applications fail to rewrite after a rename.

-- AndreLichtsteiner - 29 Nov 2010

Oliver: Foswiki.pm, sub redirectto

-- CrawfordCurrie - 29 Nov 2010

So, if I understand right, the code is all here.

Is there a configuration parameter that needs update in order to redirect to a http:// url after rename?

Here is a hack I managed to get to work:
--- /lib/Foswiki/UI/Rename.pm   Mon Nov 29 15:15:32 2010
+++ /lib/Foswiki/UI/Rename.pm orig   Wed Nov 10 01:29:12 2010
@@ -305,8 +305,2 @@
 
-    my $redirectto = $query->param('redirectto') || '';
-    
-    if ($redirectto) {
-       $new_url = $query->param('redirectto');
-    }
-
     return $new_url;
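Review bot: Inside the `if ($redirectto)` block, `$new_url` is assigned straight from the request parameter with no host or scheme check, so any absolute URL supplied by the caller becomes the redirect target. Validate the value against the permitted hosts before assigning it, and fall back to the computed `$new_url` when the check fails. The block also reads `$query->param('redirectto')` a second time instead of reusing `$redirectto`, and in list context `param` can return more than one value, so take it once in scalar context. The diff is also generated in reverse (the modified file is on the `---` side and the file labelled `orig` is on the `+++` side), so the added lines show up as removals; regenerate it as original-to-modified before it is applied.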
-- AndreLichtsteiner - 29 Nov 2010

Yep, except the param should be gated through Foswiki::redirectto to handle web.topic notation as well.

-- OliverKrueger - 29 Nov 2010

AndreLichtsteiner reports "unsafe" redirects. It's possible to redirect to http://google.com/ although that URL is not in the PermittedFooList.

-- OliverKrueger - 29 Nov 2010

Never mind my edit, I'm opening a new Task as it seems sufficiently different in nature.

-- KiltBear - 03 Jan 2011

Is this task okay to close/release in 1.1.3, or is there a security issue with unsafe redirects? If I try the following on 1.1.3, I get an oops warning about unsafe redirect:

http://some.foswiki.com/rename/Sandbox/TestTopic0?redirectto=http://google.com
...
Attention

Access check on Main.WebHome failed. Action "redirect": unsafe redirect to ARRAY(0x84f7020): host does not match {DefaultUrlHost} , and is not in {PermittedRedirectHostUrls}"http://some.foswiki.com/".

The ARRAY operand suggests that there is something not quite right though. Raising to urgent to verify that there is not an issue with unsafe urls and I'm not recreating the correct test case.

-- GeorgeClark - 09 Mar 2011

The url parameter was not being retrieved from the $query - Works if retrieved from CGI. Verified that unsafe-redirect is caught if the destination is not in the list of authorized hosts.

-- GeorgeClark - 12 Mar 2011
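
The host check that the oops message in this thread describes (target host must match {DefaultUrlHost} or appear in {PermittedRedirectHostUrls}), sketched as an added example; this is not Foswiki's own code. The `%cfg` values, the comma-separated list format, the helper names `origin_of` and `is_safe_redirect`, and the sample targets are assumptions constructed for illustration. References are rejected outright, since the `ARRAY(0x...)` in the message suggests a reference rather than a string reached the check.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical configuration, keyed after the settings named in the oops message.
my %cfg = (
    DefaultUrlHost            => 'http://some.foswiki.com',
    PermittedRedirectHostUrls => 'https://some.foswiki.com, http://docs.example.org',
);

# Reduce an absolute http(s) URL to "scheme://host[:port]" in lower case.
# Returns nothing for references, relative URLs, other schemes, and
# authorities containing userinfo ("@") or a backslash.
sub origin_of {
    my ($url) = @_;
    return unless defined $url && !ref $url;
    return unless $url =~ m{^(https?)://([^/?#\s\\@]+)(?=[/?#]|\z)}i;
    return lc("$1://$2");
}

# True when the redirect target stays on a permitted host.
sub is_safe_redirect {
    my ($target) = @_;
    return 0 unless defined $target && !ref $target;

    # Host-relative paths are fine, but not "//host" or "/\host",
    # which browsers treat as a jump to another host.
    return 1 if $target =~ m{^/(?![/\\])\S*\z};

    my $origin = origin_of($target) or return 0;
    my @allowed = map { origin_of($_) }
        $cfg{DefaultUrlHost}, split /\s*,\s*/, $cfg{PermittedRedirectHostUrls};
    return scalar grep { $_ eq $origin } @allowed;
}

# Constructed sample targets: two that stay on permitted hosts, then the
# thread's test case, two look-alike forms, and a reference.
my @targets = (
    '/bin/view/Sandbox/TestTopic0',
    'http://some.foswiki.com/bin/view/Main/WebHome',
    'http://google.com',
    'http://some.foswiki.com@google.com/',
    '//google.com',
    ['http://google.com'],
);
for my $t (@targets) {
    my $label = ref $t ? 'ARRAY reference' : $t;
    printf "%-48s %s\n", $label, is_safe_redirect($t) ? 'allow' : 'unsafe redirect';
}
```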
 
Topic revision: r15 - 16 Apr 2011, KennethLavrsen