J3.x

Login/Logout Redirections broken after upgrade to Joomla 3.4.6

From Joomla! Documentation

This page contains changes which are not marked for translation.

Other languages:
English • ‎español • ‎français • ‎Nederlands
Joomla! 
3.4.6
Quill icon.png
Content is Incomplete

This article or section is incomplete, which means it may be lacking information. You are welcome to assist in its completion by editing it as well. If this article or section has not been edited in several days, please consider helping complete the content.
This article was last edited by Franz.wohlkoenig (talk| contribs) 6 months ago. (Purge)

Wrong redirect after login on front-end since 3.4.6

Errors reported

https://github.com/joomla/joomla-cms/issues/8689

Versions affected

General Information

This pertains only to Joomla! version(s): 3.4.6

General Note

Basically the security of redirection after login/logout was hardened in Joomla 3.4.6 - and this fixed a bug that some relied upon for years. If you are using a manually set url in a login/logout menu item options, then you must make sure that is an internal url, of non-sef, starting with index.php so that Joomla redirects you correctly.

It has always been the case however it was not until now that validation took place. Also note that in other places in Joomla 3.4.6 (like in the login module) and in Joomla 3.5, you are no longer be allowed to manually set a url - you only get a dropdown box to select a menu item to redirect to - this is the future and is much more secure.

What is the cause

How to fix