[TYPO3-core] FYI48: #12541: Unescaped & in urls of list module

Ernesto Baschny [cron IT] ernst at cron-it.de
Wed Nov 11 09:26:39 CET 2009


Steffen Kamper wrote:

> following patch will be committed after 48 hours if no one complains.
> 
> Type: Clean up
> 
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=12541
> 
> This patch cleans the urls by using &amp; instead of & for url params.

Also a -1 from me for now, as this doesn't really look right. Most stuff
is getting through htmlspecialchars anyway, why would one need "&amp;"
before that?

Best practice is to keep unescaped "&" in the source code and only do a
htmlspecialchar at the moment a "html-tag" is rendered to avoid multiple
escaping. And if we are rendering a $redirect URL, we shouldn't
htmlspecialchar it.

Cheers,
Ernesto
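
The escaping rule described in the message above, as an added example that is not part of the original post or of the TYPO3 source. The function names, the script name and the parameters are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: buildListUrl(), renderLink(), redirectHeader() and
// the sample script name/parameters are hypothetical, not TYPO3 code.

// URLs are built with a raw "&" separator; no HTML escaping at this layer.
function buildListUrl(string $script, array $params): string
{
    return $script . '?' . http_build_query($params, '', '&');
}

// HTML context: escape exactly once, at the moment the tag is rendered.
function renderLink(string $url, string $label): string
{
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// HTTP header context: a Location value is not HTML, so it gets no HTML
// escaping. CR/LF are rejected so the value cannot split the header.
function redirectHeader(string $url): string
{
    if (preg_match('/[\r\n]/', $url)) {
        throw new InvalidArgumentException('Line break in redirect URL');
    }
    return 'Location: ' . $url;
}

// Constructed sample input.
$url = buildListUrl('example_list.php', ['id' => 12, 'table' => 'tt_content']);

// Raw URL escaped once at output: the href carries a single "&amp;".
echo renderLink($url, 'List'), "\n";

// URL already escaped in the source, then escaped again at output: the
// "&" of "&amp;" is escaped a second time, and the browser ends up
// requesting a parameter named "amp;table" instead of "table".
$preEscaped = str_replace('&', '&amp;', $url);
echo renderLink($preEscaped, 'List (pre-escaped source)'), "\n";

// Redirect target: the raw "&" is what the client must receive.
echo redirectHeader($url), "\n";

// An HTML-escaped URL in a header sends a literal "&amp;" to the client.
echo redirectHeader(htmlspecialchars($url, ENT_QUOTES, 'UTF-8')), "\n";
```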

