[TYPO3-dev] Bug in 4.1.14 WAS: TYPO3 4.1.14, 4.2.13, 4.3.4 and 4.4.1
Gregor Hermens
gregor at a-mazing.de
Wed Jul 28 14:14:25 CEST 2010
Hi,
Oliver Hader schrieb:
> The TYPO3 core team has just released TYPO3 versions 4.1.14, 4.2.13,
> 4.3.4 and 4.4.1, which are now ready for you to download. All versions
> are maintenance releases and contain bugfixes and security fixes.
there's a bug in 4.1.14:
http://bugs.typo3.org/view.php?id=15260
The undefined method t3lib_div::sanitizeLocalUrl() is used several times,
breaking things like BE logout or clearing all caches.
Backporting this method to 4.1 is no easy option due to PHP4 compatibility
issues.
I did consider makeing sanitizeLocalUrl() a wrapper for sanitizeBackEndUrl()
which seems to be an early version of saniziteLocalUrl(). For this to work,
':' would have to be added to the regular expression of
sanitizeBackEndUrl(). This might break security elswhere...
I'm out of options right now, so someone more involved into the core should
take a look at this issue.
Greetings,
Gregor
--
http://www.a-mazing.de/ | Certified TYPO3 Integrator
More information about the TYPO3-dev
mailing list