[TYPO3-core] RFC: jsfunc.menu.js patch
Michael Stucki
michael at typo3.org
Mon Oct 10 08:49:34 CEST 2005
Hi Bernhard,
> Description:
> The t3lib/jsfunc.menu.js script gets used by the JSMENU menu cObj (Think
> it also gets used in BE). The links it awaits for <select> options are
> realtive to the actual page. There is code in it to append the <base> href
> url to the link if it is set. The problem is that now (pherhaps this
> wasn't ever so) the links generated by the JSMENU are absolute. This
> results in getting redirected to links like:
> http://www.mysite.com/http://www.mysite.com/index.php?id=10 which
> obviously fails to load :(
>
> A fix for that is to check if the link supplied isn't absolute and only
> then prepend the base URL.
Looks good until I admit I didn't try it out.
> Reproducability:
> Insert a JSMENU, set config.baseURL = 1
This reminds me of another problem: baseURL = 1 makes URL spoofing possible,
therefore we should remove the "1" as an acceptable value and require a URL
in any case.
- michael
--
Use a newsreader! Check out
http://typo3.org/community/mailing-lists/use-a-news-reader/
More information about the TYPO3-team-core
mailing list