[TYPO3-english] "com_simpledownload"??
Jigal van Hemert
jigal.van.hemert at typo3.org
Mon Feb 24 15:34:47 CET 2014
Hi,
On 24-2-2014 14:58, Axel Joensson wrote:
> Jigal van Hemert <jigal.van.hemert at typo3.org> wrote:
>> Perhaps you have options set in your configuration (or that of an
>> extension) to keep the existing URL parameters when generating a link.
>> If someone manually adds these parameters to test if the exploit with
>> com_simpledownload is available on your server, these links might end up
>> in the cache.
>>
> IIRC, this option=com_simpledownload stuff appeared in the language
> links on top, for which I use sr_languagemenu. In the Constants for
> sr_languagemenu under "Parameters that should not be forwarded", there
> are named "user,pass,sword_list". In the other extensions' Constants,
> there is nothing remarkable referring to typolink, same in the Setup.
I had a quick look in the source code of sr_language_menu 1.5.2 and it
seems to me that all GET and POST parameter, except for the ones set in
'removeParams' are included in the links.
You can file a bug report at [1].
[1] http://forge.typo3.org/projects/extension-sr_language_menu/issues
--
Jigal van Hemert
TYPO3 CMS Active Contributor
TYPO3 .... inspiring people to share!
Get involved: typo3.org
More information about the TYPO3-english
mailing list