[TYPO3-core] RFC: bug #8192: typoLink generates wrong links
Dmitry Dulepov [typo3]
dmitry at typo3.org
Wed May 14 09:08:42 CEST 2008
Another reminder...
Dmitry Dulepov [typo3] wrote:
> Hi!
>
> This is SVN patch request
>
> Branches: 4.2, 4.1
>
> Type: bug
>
> BT reference: http://bugs.typo3.org/view.php?id=8192
>
> Problem: if file exists in the root of web site, file name is numeric
> and page with the same uid exists, TYPO3 (typolink) will always generate
> link to file instead of link to page. Therefore page becomes
> inaccessible. For example, if file name is 123 and page uid=123, TYPO3
> will always generate http://domain.com/123 instead of
> http://domain.com/index.php?id=123 or
> http://domain.com/page1/pgae2/page2/ (with RealURL). It is not possible
> to get a link to such page at all. This caused pretty big problem on one
> of my sites.
>
> Solution: quick-check that page exists and generate link to page instead.
>
> Notes: I see this also as small security issue (anyone, who can put
> files to server may spoof a page and it will not be detected by any
> existing means). Seems like security team does not think it is important
> issue. So I post it like a normal bug.
>
--
Dmitry Dulepov
TYPO3 core team
Web: http://typo3bloke.net/
Skype: callto:liels_bugs
"Nothing is impossible. There are only limits to our knowledge"
More information about the TYPO3-team-core
mailing list