[TYPO3-core] RFC: Bug #13972: cropHTML uses faulty reg exp for HTML entities
Marcus Krause
marcus#exp2010 at t3sec.info
Thu Apr 15 14:40:59 CEST 2010
Ralf Hettinger schrieb am 04/15/2010 01:55 PM Uhr:
> This is an SVN patch request.
>
> Type:
> Bugfix
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=13972
>
> Branches:
> 4.3 (patch applies with offset) & trunk
>
> Problem:
> The feature stdWrap.cropHTML uses a faulty regular expression / search
> pattern for treating encoded HTML entities as a single character, which
> is supposed to avoid cropping in between such entities and counting them
> as one character. The search pattern as used in the current preg_match
> currently always crops after the first semicolon and won't recognize
> such entites reliably.
Could you please add an unit test first which demonstrates that the
regex is broken and therefore fails? cropHTML is covered by unit tests
and all current ones pass. We should stick to this.
desired order:
1. commit a unit test which fails
2. commit the patch that fixes the faulty behaviour
Marcus.
--
Member TYPO3 Security Team
Blog on TYPO3 Security: http://secure.t3sec.info/blog/
More information about the TYPO3-team-core
mailing list