[TYPO3] weird url injection

Michael Stucki michael at typo3.org
Tue Apr 10 11:53:27 CEST 2007


Hi Debora,

> What's the problem:
> - The urls (both internal and external and inside google!) have this added
> to it:
>       ...      "?ref=Fuckonly.com" ...

If this appears in every link, then either you have added "ref" to
config.linkVars, or someone has hacked up your TYPO3 source.

If a page is not cached yet, then there is a small possibility that someone
"injects" strings (not URLs - they are not clickable) into your websites by
adding some text right behind a key listed in config.linkVars (e.g.
http://www.mysite.com/index.php?id=123&L=1www.visitme.com).

You can prevent this in versions 4.1 and later by modifying the linkVars
parameter to something like: config.linkVars = L(1-3),other_parameters,...

This will cause the "L" parameter to be added to URLs only if it is either
1, 2 or 3. See TSref 4.1 for more details about that.

- michael
-- 
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
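
A small Python model of the restriction described in the reply above, added here as an illustration; it is not TYPO3 code and not part of the original message. The function names are hypothetical, only the `name(a-b)` range form shown in the message is modelled, and it assumes a restricted value must be a whole integer inside the range.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# "L(1-3)" -> name "L", bounds 1..3. Other restriction forms are not modelled.
_RANGE_SPEC = re.compile(r"(?P<name>[^()]+)\((?P<lo>-?\d+)\s*-\s*(?P<hi>-?\d+)\)")
_INTEGER = re.compile(r"-?\d+", re.ASCII)


def parse_link_vars(setting):
    """Map each parameter name to (lo, hi), or None when it is unrestricted."""
    rules = {}
    for item in (part.strip() for part in setting.split(",")):
        if not item:
            continue
        spec = _RANGE_SPEC.fullmatch(item)
        if spec:
            rules[spec["name"].strip()] = (int(spec["lo"]), int(spec["hi"]))
        else:
            rules[item] = None
    return rules


def carried_query(url, setting):
    """Return the query fragment that would be copied into generated links."""
    rules = parse_link_vars(setting)
    kept = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name not in rules:
            continue  # not listed in linkVars: never propagated
        bounds = rules[name]
        if bounds is not None:
            # The whole value must be an integer, so "1www.visitme.com" fails
            # even though it starts with an allowed digit.
            if not _INTEGER.fullmatch(value):
                continue
            if not bounds[0] <= int(value) <= bounds[1]:
                continue
        kept.append((name, value))
    return urlencode(kept)


if __name__ == "__main__":
    # URL taken from the message above.
    url = "http://www.mysite.com/index.php?id=123&L=1www.visitme.com"
    print("unrestricted L :", repr(carried_query(url, "L")))
    print("L(1-3)         :", repr(carried_query(url, "L(1-3)")))
```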

