J3.x

J3.x:Login/Logout Redirections broken after upgrade to Joomla 3.4.6

From Joomla! Documentation


Other languages:
English • ‎español • ‎français • ‎Nederlands
Joomla! 
3.4.6

Wrong redirect after login on front-end since 3.4.6

Errors reported

https://github.com/joomla/joomla-cms/issues/8689

Versions affected

General Information

This pertains only to Joomla! version(s): 3.4.6

General Note

Basically the security of redirection after login/logout was hardened in Joomla 3.4.6 - and this fixed a bug that some relied upon for years. If you are using a manually set url in a login/logout menu item options, then you must make sure that is an internal url, of non-sef, starting with index.php so that Joomla redirects you correctly.

It has always been the case however it was not until now that validation took place. Also note that in other places in Joomla 3.4.6 (like in the login module) and in Joomla 3.5, you are no longer be allowed to manually set a url - you only get a dropdown box to select a menu item to redirect to - this is the future and is much more secure.

What is the cause

How to fix