[TYPO3-dev] Bug in 4.1.14 WAS: TYPO3 4.1.14, 4.2.13, 4.3.4 and 4.4.1

Gregor Hermens gregor at a-mazing.de
Wed Jul 28 14:14:25 CEST 2010


Hi,

Oliver Hader schrieb:

> The TYPO3 core team has just released TYPO3 versions 4.1.14, 4.2.13,
> 4.3.4 and 4.4.1, which are now ready for you to download. All versions
> are maintenance releases and contain bugfixes and security fixes.

there's a bug in 4.1.14:

http://bugs.typo3.org/view.php?id=15260

The undefined method t3lib_div::sanitizeLocalUrl() is used several times, 
breaking things like BE logout or clearing all caches.

Backporting this method to 4.1 is no easy option due to PHP4 compatibility 
issues.

I did consider makeing sanitizeLocalUrl() a wrapper for sanitizeBackEndUrl() 
which seems to be an early version of saniziteLocalUrl(). For this to work, 
':' would have to be added to the regular expression of 
sanitizeBackEndUrl(). This might break security elswhere...

I'm out of options right now, so someone more involved into the core should 
take a look at this issue.

Greetings,
Gregor
-- 
http://www.a-mazing.de/   |   Certified TYPO3 Integrator





More information about the TYPO3-dev mailing list