[TYPO3] weird url injection
Michael Stucki
michael at typo3.org
Tue Apr 10 11:53:27 CEST 2007
Hi Debora,
> What's the problem:
> - The urls (both internal and external and inside google!) have this added
> to it:
> ... "?ref=Fuckonly.com" ...
If this appears in every link, then either you have added "ref" to
config.linkVars, or someone has hacked up your TYPO3 source.
If a page is not cached yet, then there is a small possibility that someone
"injects" strings (not URLs - they are not clickable) into your websites by
adding some test right behind a key listed in config.linkVars (e.g.
http://www.mysite.com/index.php?id=123&L=1www.visitme.com)
You can prevent this in versions 4.1 and later by modifying the linkVars
parameter to something like: config.linkVars = L(1-3),other_parameters,...
This will cause that the "L" parameter is only added to URLs if it is either
1, 2 or 3. See TSref 4.1 for more details about that.
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-english
mailing list