[TYPO3-core] FYI48: #12541: Unescaped & in urls of list module
Ernesto Baschny [cron IT]
ernst at cron-it.de
Wed Nov 11 09:26:39 CET 2009
Steffen Kamper wrote:
> following patch will be committed after 48 hours if no one complains.
>
> Type: Clean up
>
> Bugtracker references:
> http://bugs.typo3.org/view.php?id=12541
>
> This patch cleans the urls by using &amp; instead of & for url params.

Also a -1 from me for now, as this doesn't really look right. Most stuff
is getting through htmlspecialchars anyway, why would one need "&amp;"
before that?

Best practice is to keep unescaped "&" in the source code and only do a
htmlspecialchar at the moment a "html-tag" is rendered to avoid multiple
escaping. And if we are rendering a $redirect URL, we shouldn't
htmlspecialchar it.

Cheers,
Ernesto
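
The escaping rule described in the reply above, as an added example that is not code from the TYPO3 patch or from anyone in this thread. The helper names (`buildListUrl`, `renderLink`, `redirectHeader`) and the sample script name and parameters are assumptions made up for illustration.

```php
<?php
// Added illustration: hypothetical helpers, not TYPO3 core functions.

// Keep the URL in its raw form (plain "&" separators) while it lives in code.
function buildListUrl(string $script, array $params): string
{
    // Passing '&' explicitly avoids a pre-escaped separator coming from
    // the arg_separator.output ini setting.
    return $script . '?' . http_build_query($params, '', '&');
}

// Escape exactly once, at the moment the HTML tag is written.
function renderLink(string $url, string $label): string
{
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// A redirect target goes into an HTTP header, which is not an HTML context,
// so the raw URL is used and htmlspecialchars is not applied.
function redirectHeader(string $url): string
{
    return 'Location: ' . $url;
}

// Constructed sample values.
$url = buildListUrl('list.php', ['id' => 12, 'table' => 'tt_content']);

// Raw URL, escaped once on output: the attribute carries a single "&amp;".
echo renderLink($url, 'List'), "\n";

// Same URL escaped early in the code and then again at render time.
// The attribute ends up with "&amp;amp;", and after the browser decodes it
// once the second parameter name arrives as "amp;table" instead of "table".
$escapedTooEarly = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
echo renderLink($escapedTooEarly, 'List'), "\n";

// An escaped URL in a Location header would send the literal "&amp;" to the
// client, which breaks the query string in the same way.
echo redirectHeader($url), "\n";
echo redirectHeader($escapedTooEarly), "\n";
```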