[TYPO3-core] Getting an overview

Rupert Germann rg at rupert-germann.de
Fri Feb 9 19:20:20 CET 2007


Hi,

I also agree that security gets priority over compatibility, but when I tested 
the new "pageNotFoundOnCHashError" feature in RC1 for problems with tt_news 
(http://bugs.typo3.org/view.php?id=4948), which can easily be solved, I found 
another problem again, which is caused by the GETvars of the adminpanel.

Steps to reproduce this bug:
- open a page which uses a cHash in its URL (e.g. a news single view)
- click on 'Update' or 'Clear cache now' in the adminpanel

You should see the message: 'Error! Reason: Request parameters could not be 
validated (&cHash comparison failed)'

The reason for this is obviously that the adminpanel params are added to the 
cHash, which causes a mismatch.

Last year I wrote a patch for this problem which was never applied to the core 
because the discussion about this patch became a discussion about what patch 
approvals should look like - and then I forgot it somehow....
Here's the post:
http://lists.netfielders.de/pipermail/typo3-team-core/2006-April/004048.html

The patch is attached to this mail.

greets
rupert

PS: this is a SVN patch request, Branches: HEAD, TYPO3_4-0


On Friday 09 February 2007 01:40, Michael Stucki wrote:
> Hi Oliver,
>
> > >    * Request parameters could not be validated
> > >      http://bugs.typo3.org/view.php?id=4940
> >
> > I picked this one and added a small patch for it (see in bugtracker).
> > "pageNotFoundOnCHashError" was set to true by default between beta3 and
> > RC1. So if an extension (perhaps an old one) doesn't use the cHash (eg
> > "typolink.useCHash=1") the error page will be shown. So my solution is
> > to leave "pageNotFoundOnCHashError" as it is and to define a new config
> > variable "pageNotFoundOnCHashEmpty", which is set to false by default.
> > If the admin wants the error page if cHash is empty, he could enable this
> > in his local TYPO3 installation. What do you think?
> > Additionally I could also add an RFC on that and post it to a new thread.
>
> No, I think you shouldn't do that. It doesn't make much sense to allow
> empty cHashes if they should be checked. See my detailed explanation inside
> the bugtracker...
>
> - michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: class.t3lib_div.php.diff
Type: text/x-diff
Size: 538 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20070209/311599f7/attachment.bin 
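
The mismatch described in the mail, as an added example that is not part of the original post, TYPO3 core or the attached patch: a simplified PHP model in which a hash over the GET parameters fails once admin panel parameters are hashed too, and validates again when they are excluded. The secret, the hash construction, the function names and the `TSFE_ADMIN_PANEL` parameter name are assumptions; the request strings are constructed.

```php
<?php
// Simplified model of a cHash-style check. Not TYPO3 core code and not the attached patch.
// Assumed: SECRET, the md5(serialize()) construction, all function names, TSFE_ADMIN_PANEL.
const SECRET = 'constructed-demo-key';
const ALWAYS_SKIPPED = ['id', 'cHash'];

function relevantParams(array $get, array $excludedPrefixes): array
{
    $out = [];
    foreach ($get as $name => $value) {
        $name = (string)$name;
        if (in_array($name, ALWAYS_SKIPPED, true)) {
            continue;
        }
        foreach ($excludedPrefixes as $prefix) {
            if (strncmp($name, $prefix, strlen($prefix)) === 0) {
                continue 2; // UI-only parameter: must not influence the hash
            }
        }
        $out[$name] = $value;
    }
    ksort($out); // make the hash independent of parameter order
    return $out;
}

function calcHash(array $get, array $excludedPrefixes = []): string
{
    return substr(md5(serialize(relevantParams($get, $excludedPrefixes)) . SECRET), 0, 10);
}

function isValid(array $get, array $excludedPrefixes = []): bool
{
    return hash_equals(calcHash($get, $excludedPrefixes), (string)($get['cHash'] ?? ''));
}

// Constructed requests: the link as generated, then the same URL plus an admin panel action.
parse_str('id=12&tx_ttnews[tt_news]=34', $link);
$cHash = calcHash($link);
parse_str("id=12&tx_ttnews[tt_news]=34&cHash=$cHash&TSFE_ADMIN_PANEL[action]=1", $panel);
parse_str("id=12&tx_ttnews[tt_news]=35&cHash=$cHash&TSFE_ADMIN_PANEL[action]=1", $tampered);

var_dump(isValid($panel));                           // every GET var hashed
var_dump(isValid($panel, ['TSFE_ADMIN_PANEL']));     // panel vars excluded
var_dump(isValid($tampered, ['TSFE_ADMIN_PANEL']));  // content parameter changed
```

The first check fails, the second passes, and the third still fails because a content-selecting parameter changed; only parameters that never select content belong on the exclusion list.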