[TYPO3-core] RFC #9412: config.absRefPrefix can force wrong URL when linking across domains

Dmitry Dulepov [typo3] dmitry at typo3.org
Tue Sep 23 11:44:46 CEST 2008


Hi!

Georg Ringer wrote:
> bots can sometimes have troubles with baseUrl and this will get to paths 
> like
> fileadmin/img.jpg
> => fileadmin/fileadmin/img.jpg
> =>=>fileadmin/fileadmin/fileadmin/img.jpg
> 
> you get the idea..
> 
> georg
> PS: http://typo3bloke.net/post-details/check_your_404_traffic/

Exactly. Also RealURL now fully supports absRefPrefix. If these two bugs with absRefPrefix are fixed, I will drop statement about baseURL completely from the RealURL manual and recommend absRefPrefix instead. It also prevents ~trivial~ stealing of content (like getting someone's content using subrequest and claiming false ownership) because all links will be absolute to the real site. This is not a great protectection of course but at least something.

-- 
Dmitry Dulepov
TYPO3 Core team
My TYPO3 book: http://www.packtpub.com/typo3-extension-development/book
In the blog: http://typo3bloke.net/post-details/tag_your_typo3_extension_releases_in_svn/


More information about the TYPO3-team-core mailing list