Item11866: HompagePagePlugin redirects to malformed targets
Priority: Urgent
Current State: Closed
Released In: 2.0.0
Target Release: major
The current
HomePagePlugin heavily relies on a specific form being attached to the user's profile page, which defaults to
UserForm. This DataForm has got a HomePage field that is used to redirect to when the user logs in. Now when this formfield is malformed or contains unexpected values that don't lend towards a nice web.topic, foswiki will happily try to redirect to that target anyway.
This error was fixed before but got reintroduced again by
http://trac.foswiki.org/changeset/14717. Before, the plugin checked the target topic existed before trying to redirect to it. Now, it redirects in any case no matter how malformed the target address is.
How to reproduce:
Enter:
HomePage = http://www.google.com
into your user profile.
--
MichaelDaum - 16 May 2012