[TYPO3-core] FYI48: #12541: Unescaped & in urls of list module
Steffen Kamper
info at sk-typo3.de
Wed Nov 11 19:07:25 CET 2009
Hi,
Ernesto Baschny [cron IT] wrote:
> Best practice is to keep unescaped "&" in the source code and only do a
> htmlspecialchar at the moment a "html-tag" is rendered to avoid multiple
> escaping. And if we are rendering a $redirect URL, we shouldn't
> htmlspecialchar it.
>
I will do a new patch with HSC.
For the redirect - if redirect / returnurl is read with t3lib_div::_GP
it's plain or rawurlencoded, but never HSCd - or do you think differently?
Regards, Steffen
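
The rule discussed in this message, as an added PHP example that is not part of the original post or of TYPO3's code: the URL keeps its raw "&" until an HTML tag is rendered, and the redirect target is never passed through htmlspecialchars(). The script names and helper functions are hypothetical, and the sample values are constructed.

```php
<?php
// Constructed sample: a return URL as it arrives from the request
// (plain, never HTML-escaped). Script names are hypothetical.
$returnUrl = 'list.php?id=12&table=pages';

// Build URLs with raw "&". A URL nested inside another URL is
// rawurlencode()d as a parameter value, which is URL encoding, not HTML escaping.
function buildEditUrl(string $returnUrl): string
{
    return 'edit.php?uid=12&returnUrl=' . rawurlencode($returnUrl);
}

// Escape exactly once, at the moment the HTML tag is rendered.
function renderLink(string $url, string $label): string
{
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</a>';
}

// A redirect target goes into an HTTP header, not into HTML,
// so it is used as-is and not passed through htmlspecialchars().
function redirectHeader(string $url): string
{
    return 'Location: ' . $url;
}

// Show the parameter names a server would see for a given URL.
function queryKeys(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return array_keys($params);
}

$editUrl = buildEditUrl($returnUrl);

// Correct: raw URL in the code, one escape in the rendered attribute.
echo renderLink($editUrl, 'Edit'), "\n";

// Defect 1: a URL that was escaped earlier gets escaped again in the tag,
// so the attribute no longer decodes back to the original URL.
echo renderLink(htmlspecialchars($editUrl, ENT_QUOTES, 'UTF-8'), 'Edit'), "\n";

// Correct redirect, then defect 2: an HTML-escaped redirect target,
// where the second parameter is no longer named "table".
echo redirectHeader($returnUrl), "\n";
echo implode(', ', queryKeys($returnUrl)), "\n";
echo implode(', ', queryKeys(htmlspecialchars($returnUrl, ENT_QUOTES, 'UTF-8'))), "\n";
```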