[TYPO3-core] RFC: bug #8192: typoLink generates wrong links

Steffen Kamper steffen at sk-typo3.de
Tue Apr 29 09:42:36 CEST 2008


"Dmitry Dulepov [typo3]" <dmitry at typo3.org> schrieb im Newsbeitrag 
news:mailman.1.1209452970.22637.typo3-team-core at lists.netfielders.de...
> Hi!
>
> This is SVN patch request
>
> Branches: 4.2, 4.1
>
> Type: bug
>
> BT reference: http://bugs.typo3.org/view.php?id=8192
>
> Problem: if file exists in the root of web site, file name is numeric and 
> page with the same uid exists, TYPO3 (typolink) will always generate link 
> to file instead of link to page. Therefore page becomes inaccessible. For 
> example, if file name is 123 and page uid=123, TYPO3 will always generate 
> http://domain.com/123 instead of http://domain.com/index.php?id=123 or 
> http://domain.com/page1/pgae2/page2/ (with RealURL). It is not possible to 
> get a link to such page at all. This caused pretty big problem on one of 
> my sites.
>
> Solution: quick-check that page exists and generate link to page instead.
>
> Notes: I see this also as small security issue (anyone, who can put files 
> to server may spoof a page and it will not be detected by any existing 
> means). Seems like security team does not think it is important issue. So 
> I post it like a normal bug.
>
> -- 

Hi,

looks good to me, so +1
(though i don't like var names like $rFD_fI, but cleaning such is another 
issue)
It is a security problem imho, but if someone got write access to webspace, 
he is in before that.

vg Steffen 




More information about the TYPO3-team-core mailing list