Item11866: HompagePagePlugin redirects to malformed targets

pencil
Priority: Urgent
Current State: Closed
Released In: 2.0.0
Target Release: major
Applies To: Extension
Component: HomePagePlugin
Branches: trunk
Reported By: MichaelDaum
Waiting For:
Last Change By: GeorgeClark
The current HomePagePlugin heavily relies on a specific form being attached to the user's profile page, which defaults to UserForm. This DataForm has got a HomePage field that is used to redirect to when the user logs in. Now when this formfield is malformed or contains unexpected values that don't lend towards a nice web.topic, foswiki will happily try to redirect to that target anyway.

This error was fixed before but got reintroduced again by http://trac.foswiki.org/changeset/14717. Before, the plugin checked the target topic existed before trying to redirect to it. Now, it redirects in any case no matter how malformed the target address is.

How to reproduce:

Enter:

HomePage = http://www.google.com 

into your user profile.

-- MichaelDaum - 16 May 2012

 
Topic revision: r3 - 05 Jul 2015, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy