[TYPO3-english] "com_simpledownload"??
Axel Joensson
a.joensson at web.de
Mon Feb 24 16:17:05 CET 2014
Jigal van Hemert <jigal.van.hemert at typo3.org> wrote:
Hi Jigal,
> Hi,
>
> On 24-2-2014 14:58, Axel Joensson wrote:
> > Jigal van Hemert <jigal.van.hemert at typo3.org> wrote:
> >> Perhaps you have options set in your configuration (or that of an
> >> extension) to keep the existing URL parameters when generating a link.
> >> If someone manually adds these parameters to test if the exploit with
> >> com_simpledownload is available on your server, these links might end up
> >> in the cache.
> >>
>
> > IIRC, this option=com_simpledownload stuff appeared in the language
> > links on top, for which I use sr_languagemenu. In the Constants for
> > sr_languagemenu under "Parameters that should not be forwarded", there
> > are named "user,pass,sword_list". In the other extensions' Constants,
> > there is nothing remarkable referring to typolink, same in the Setup.
>
> I had a quick look in the source code of sr_language_menu 1.5.2 and it
> seems to me that all GET and POST parameter, except for the ones set in
> 'removeParams' are included in the links.
>
> You can file a bug report at [1].
>
> [1] http://forge.typo3.org/projects/extension-sr_language_menu/issues
thx, done: <http://forge.typo3.org/issues/56243>!
Axel
More information about the TYPO3-english
mailing list