[TYPO3-english] CoolURI and link tag shot by Sec. Upd. 6.2.16?

Markus Klein markus.klein at typo3.org
Thu Dec 17 18:56:11 CET 2015 

Hi!

It seems you didn't understand the bulletin correctly.
The code depicted there shows the TS that has been *added*.
Hence, for your usecase you need to *undo* those changes by overriding them.

Try:

tt_content.bullets.20.split.1.htmlSpecialChars = 0
tt_content.bullets.20.split.2.htmlSpecialChars = 0
tt_content.image.20.caption.1.1.htmlSpecialChars = 0


Depending on your content there, you may have to add the parseFunc there again as well, but try those three lines first.

Kind regards
Markus

------------------------------------------------------------
Markus Klein
TYPO3 CMS Active Contributors Team Member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

> -----Original Message-----
> From: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-
> bounces at lists.typo3.org] On Behalf Of Axel Joensson
> Sent: Thursday, December 17, 2015 6:12 PM
> To: typo3-english at lists.typo3.org
> Subject: Re: [TYPO3-english] CoolURI and link tag shot by Sec. Upd. 6.2.16?
> 
> Hi MArkus,
> 
> thx for replying. So far, I had this in my TS Setup:
> 
>   tt_content.textpic.20.text.wrap >
>   tt_content.bullets.20.split.1.wrap = <li>|</li>
>   tt_content.bullets.20.split.2.wrap = <li>|</li>
>   tt_content.bullets.20.dataWrap = <ul class="textliste">|</ul>
> 
> Now I tried to add the parse section by pasting this into it from your
> link (expecting a solution there, I had so far looked only into
> .../typo3-core-sa-2015-012/):
> 
>  tt_content.bullets.20.split {
>      1.parseFunc >
>      1.htmlSpecialChars = 1
> 
>      2.parseFunc >
>      2.htmlSpecialChars = 1
>  }
> 
> However, regardless of the position I paste it in the aforementioned
> block, it doesn't do the trick. Additionally, as mentioned in my second
> post in this thread, the simple "link" syntax worked in other places
> without adapting. Any clues?
> 
> Greets!
> 
> Markus Klein <markus.klein at typo3.org> wrote:
> 
> > Hi!
> >
> > You have been warned:
> >
> > http://typo3.org/teams/security/security-bulletins/typo3-core/
> >typo3-core-sa-2015-013/
> >
> > > Please note, that in case editors were allowed to edit HTML in your
> >>particular installation,
> > > that you need to adapt the TypoScript to allow HTML input again.
> > > Be aware however that your editors will have full control over HTML,
> > > which equals to having permission to create HTML content elements.
> >
> > Kind regards
> > Markus
> >
> > ------------------------------------------------------------
> > Markus Klein
> > TYPO3 CMS Active Contributors Team Member
> >
> > TYPO3 .... inspiring people to share!
> > Get involved: typo3.org
> >
> > > -----Original Message-----
> > > From: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-
> > > bounces at lists.typo3.org] On Behalf Of Axel Joensson
> > > Sent: Thursday, December 17, 2015 5:44 PM
> > > To: typo3-english at lists.typo3.org
> > > Subject: [TYPO3-english] CoolURI and link tag shot by Sec. Upd. 6.2.16?
> > >
> > > Hi there,
> > >
> > > two days ago my hoster updated a five language T3 6.2.15 website to
> > > 6.2.16.
> > >
> > > Today I first discovered that the CoolURIconf.xml (I had updated it just
> > > about three weeks ago to the recent version 1.1.1) had simply vanished
> > > from the typo3conf directory, while an old version (renamed for backup
> > > purposes to CoolURIconf-old.xml) was still present. Uploading the
> > > recently changed version by ftp to its place, CoolURI immediately awoke
> > > from knock-out and reassumed service.
> > >
> > > How can an automated patch update shoot the conf-file of an up-to-date
> > > ext in its last available version for no reason? Didn't that happen to
> > > anyone else? And WHY?
> > >
> > > Then something else: In each language in my site, there is a link page
> > > with about 100 links available. I choose a list as content element type,
> > > so each link is preceded by a dot. The syntax I used is simple and old,
> > > each link as plaintext in a line of its own:
> > >
> > > <link http://www.example.com/1>Anchor 1</link>
> > > <link http://www.example.com/2>Anchor 2</link>
> > >
> > > While T3 so far used to make proper clickable links out if this, it now
> > > suddenly vomits the plaintext text as quoted above into the webpage.
> No
> > > link, plain, unchanged syntax as entered.
> > >
> > > Wouldn't it be nice to warn people if (obviously) an old tag is about to
> > > be executed? Or why does this syntax suddenly work no more? What am
> I
> > > expected to do?
> > >
> > > That wasn't a nice way of providing a system security update patch, at
> > > least to me.
> > >
> > > Greets,
> > > Axel
> > > _______________________________________________
> > > TYPO3-english mailing list
> > > TYPO3-english at lists.typo3.org
> > > http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english

More information about the TYPO3-english mailing list