Item11866: HompagePagePlugin redirects to malformed targets
Current State: Closed
Released In: 2.0.0
Target Release: major
The current HomePagePlugin
heavily relies on a specific form being attached to the user's profile page, which defaults to UserForm
. This DataForm has got a HomePage field that is used to redirect to when the user logs in. Now when this formfield is malformed or contains unexpected values that don't lend towards a nice web.topic, foswiki will happily try to redirect to that target anyway.
This error was fixed before but got reintroduced again by http://trac.foswiki.org/changeset/14717
. Before, the plugin checked the target topic existed before trying to redirect to it. Now, it redirects in any case no matter how malformed the target address is.
How to reproduce:
HomePage = http://www.google.com
into your user profile.
- 16 May 2012