[TYPO3-english] CoolURI and link tag shot by Sec. Upd. 6.2.16?

Markus Klein markus.klein at typo3.org
Thu Dec 17 20:24:25 CET 2015


Hi Axel!

The relevant changes are:
https://review.typo3.org/#/c/45282/2/typo3/sysext/css_styled_content/static/setup.txt
https://review.typo3.org/#/c/45284/2/typo3/sysext/css_styled_content/static/setup.txt

This should actually revert things back:

tt_content.bullets.20.split {
  1.parseFunc =< lib.parseFunc
  1.htmlSpecialChars = 0
  2. parseFunc =< lib.parseFunc
  2.htmlSpecialChars = 0
}
tt_content.image.20.caption.1.1 {
  htmlSpecialChars = 0
  parseFunc =< lib.parseFunc
}


Kind regards
Markus

------------------------------------------------------------
Markus Klein
TYPO3 CMS Active Contributors Team Member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

> -----Original Message-----
> From: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-
> bounces at lists.typo3.org] On Behalf Of Axel Joensson
> Sent: Thursday, December 17, 2015 7:35 PM
> To: typo3-english at lists.typo3.org
> Subject: Re: [TYPO3-english] CoolURI and link tag shot by Sec. Upd. 6.2.16?
> 
> Hi,
> 
> I tried that before, too, result was that only the anchor text appears
> in the page, but not as a link. Adding
> 
> tt_content.bullets.20.split.1.parseFunc < ...
> 
> also doesn't bring the parser back. This is what then (in both trials)
> appears in the source:
> 
> <link http:wwwexampleorgindexhtml="" />Anchor</link>
> 
> Greets!
> 
> Markus Klein <markus.klein at typo3.org> wrote:
> 
> > Hi!
> >
> > It seems you didn't understand the bulletin correctly.
> > The code depicted there shows the TS that has been *added*.
> > Hence, for your usecase you need to *undo* those changes by overriding
> them.
> >
> > Try:
> >
> > tt_content.bullets.20.split.1.htmlSpecialChars = 0
> > tt_content.bullets.20.split.2.htmlSpecialChars = 0
> > tt_content.image.20.caption.1.1.htmlSpecialChars = 0
> >
> >
> > Depending on your content there, you may have to add the parseFunc
> there again
> > as well, but try those three lines first.
> >
> > Kind regards
> > Markus
> >
> > ------------------------------------------------------------
> > Markus Klein
> > TYPO3 CMS Active Contributors Team Member
> >
> > TYPO3 .... inspiring people to share!
> > Get involved: typo3.org
> >
> > > -----Original Message-----
> > > From: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-
> > > bounces at lists.typo3.org] On Behalf Of Axel Joensson
> > > Sent: Thursday, December 17, 2015 6:12 PM
> > > To: typo3-english at lists.typo3.org
> > > Subject: Re: [TYPO3-english] CoolURI and link tag shot by Sec. Upd.
> 6.2.16?
> > >
> > > Hi MArkus,
> > >
> > > thx for replying. So far, I had this in my TS Setup:
> > >
> > >   tt_content.textpic.20.text.wrap >
> > >   tt_content.bullets.20.split.1.wrap = <li>|</li>
> > >   tt_content.bullets.20.split.2.wrap = <li>|</li>
> > >   tt_content.bullets.20.dataWrap = <ul class="textliste">|</ul>
> > >
> > > Now I tried to add the parse section by pasting this into it from your
> > > link (expecting a solution there, I had so far looked only into
> > > .../typo3-core-sa-2015-012/):
> > >
> > >  tt_content.bullets.20.split {
> > >      1.parseFunc >
> > >      1.htmlSpecialChars = 1
> > >
> > >      2.parseFunc >
> > >      2.htmlSpecialChars = 1
> > >  }
> > >
> > > However, regardless of the position I paste it in the aforementioned
> > > block, it doesn't do the trick. Additionally, as mentioned in my second
> > > post in this thread, the simple "link" syntax worked in other places
> > > without adapting. Any clues?
> > >
> > > Greets!
> > >
> > > Markus Klein <markus.klein at typo3.org> wrote:
> > >
> > > > Hi!
> > > >
> > > > You have been warned:
> > > >
> > > > http://typo3.org/teams/security/security-bulletins/typo3-core/
> > > >typo3-core-sa-2015-013/
> > > >
> > > > > Please note, that in case editors were allowed to edit HTML in your
> > > >>particular installation,
> > > > > that you need to adapt the TypoScript to allow HTML input again.
> > > > > Be aware however that your editors will have full control over HTML,
> > > > > which equals to having permission to create HTML content elements.
> > > >
> > > > Kind regards
> > > > Markus
> > > >
> > > > ------------------------------------------------------------
> > > > Markus Klein
> > > > TYPO3 CMS Active Contributors Team Member
> > > >
> > > > TYPO3 .... inspiring people to share!
> > > > Get involved: typo3.org
> > > >
> > > > > -----Original Message-----
> > > > > From: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-
> > > > > bounces at lists.typo3.org] On Behalf Of Axel Joensson
> > > > > Sent: Thursday, December 17, 2015 5:44 PM
> > > > > To: typo3-english at lists.typo3.org
> > > > > Subject: [TYPO3-english] CoolURI and link tag shot by Sec. Upd.
> 6.2.16?
> > > > >
> > > > > Hi there,
> > > > >
> > > > > two days ago my hoster updated a five language T3 6.2.15 website to
> > > > > 6.2.16.
> > > > >
> > > > > Today I first discovered that the CoolURIconf.xml (I had updated it
> just
> > > > > about three weeks ago to the recent version 1.1.1) had simply
> vanished
> > > > > from the typo3conf directory, while an old version (renamed for
> backup
> > > > > purposes to CoolURIconf-old.xml) was still present. Uploading the
> > > > > recently changed version by ftp to its place, CoolURI immediately
> awoke
> > > > > from knock-out and reassumed service.
> > > > >
> > > > > How can an automated patch update shoot the conf-file of an up-to-
> date
> > > > > ext in its last available version for no reason? Didn't that happen to
> > > > > anyone else? And WHY?
> > > > >
> > > > > Then something else: In each language in my site, there is a link page
> > > > > with about 100 links available. I choose a list as content element type,
> > > > > so each link is preceded by a dot. The syntax I used is simple and old,
> > > > > each link as plaintext in a line of its own:
> > > > >
> > > > > <link http://www.example.com/1>Anchor 1</link>
> > > > > <link http://www.example.com/2>Anchor 2</link>
> > > > >
> > > > > While T3 so far used to make proper clickable links out if this, it now
> > > > > suddenly vomits the plaintext text as quoted above into the
> webpage.
> > > No
> > > > > link, plain, unchanged syntax as entered.
> > > > >
> > > > > Wouldn't it be nice to warn people if (obviously) an old tag is about to
> > > > > be executed? Or why does this syntax suddenly work no more? What
> am
> > > I
> > > > > expected to do?
> > > > >
> > > > > That wasn't a nice way of providing a system security update patch, at
> > > > > least to me.
> > > > >
> > > > > Greets,
> > > > > Axel
> > > > > _______________________________________________
> > > > > TYPO3-english mailing list
> > > > > TYPO3-english at lists.typo3.org
> > > > > http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english
> > > _______________________________________________
> > > TYPO3-english mailing list
> > > TYPO3-english at lists.typo3.org
> > > http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english



More information about the TYPO3-english mailing list