[TYPO3-core] RFC #12324: Bug: Page tree will not be shown in the typo3 backend
Oliver Hader
oliver at typo3.org
Fri Nov 13 11:53:30 CET 2009
Hi,
Ernesto Baschny [cron IT] schrieb:
> Oliver Hader schrieb:
>> FYI: Committed to SVN Trunk (rev. 6384)
>>
>> Still pending for TYPO3-4-2...
>
> And also TYPO3-4_1, which is also affected... What would be the
> suggested plan here, as we have no "RemoveXSS" in 4.1 yet? Should we
> backport RemoveXSS to 4.1 also to be able to use it also in other
> potential future XSS fixes? THat would "add a feature", even if it is a
> "security feature".
If the release manager for 4.1 agrees (and Ingmar did already), that
would be fine. Besides that, we don't have filters in PHP 4.3 which is
used by t3lib_div::isValidUrl() - but we can work around e.g. with
looking for any URL scheme for this case.
A very simple solution would be to jsut add these missing characters,
e.g. like '-' and '~' in TYPO3_4-1 (but personally I don't like that).
olly
--
Oliver Hader
TYPO3 Release Manager 4.3
More information about the TYPO3-team-core
mailing list