[TYPO3-core] RFC: #12376: typo3temp got filled with thousands of javascript_* files
Georg Ringer
news at ringerge.org
Thu Oct 29 12:57:10 CET 2009
Hi,
This is an SVN patch request.
Type: bugfix
Bugtracker reference:
http://bugs.typo3.org/view.php?id=12376
Branches: trunk, 4.2, 4.1
Problem:
If you use "GMENU_LAYERS / TMENU_LAYERS" without a specific
"layer_menu_id" then your typo3temp will be filled continuously with
javascript_* files.
The unique filename is created with a string md5(microtime()).
(Actually it's *intended* to be unique.)
md5(microtime()) can create millions of different filenames causing
typo3temp to be filled more and more.
Problems with temporary files with unique filenames are also mentioned
in Bug 0012375 (http://bugs.typo3.org/view.php?id=12375)
This bug can also show DoS-like behaviour.
A better fix should use a system wide (system=TYPO3) class-function
especially written for purposes like this.
Additional information - How to reproduce:
1.) Delete temp js files in typo3temp
2.) Create a Layer_menu with a code like this
-------------
page.20 = HMENU
page.20 {
1 = TMENU_LAYERS
1 {
wrap=<table border="0" cellspacing="0" cellpadding="0">|</table>
layerStyle = position:absolute;VISIBILITY:hidden;border: 1px solid #CCCCCC; background: #ffffff;
lockPosition = y
hideMenuWhenNotOver = 1
hideMenuTimer=250
expAll=1
leftOffset = 0
topOffset =22
relativeToTriggerItem = 1
NO {
allWrap=<td>|</td>
ATagParams = class = "menue"
}
}
2 = TMENU
2.NO {
ATagParams = class = "menue1"
allWrap=|<br>
}
}
-----------
3.) click around and look at the typo3temp/ it will get larger with
every click.
Solution:
The applied patch replaces microtime() with a string built around env
var TYPO3_HOST_ONLY.
Cheers
Georg
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch-12376.patch
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20091029/0cdaf217/attachment.txt>
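The naming problem described in the message, as an added example that is not part of the original mail, the attached patch, or TYPO3 core: a time-based name leaves one new file per request, while a name derived only from stable inputs is reused. All function names, the sample host and the sample config are hypothetical, and including the menu config in the key is an assumption of this example.

```php
<?php
// Added illustration, not TYPO3 core code and not the attached patch.
// All function names and the sample host/config values are hypothetical.

// Before: a new name on every request, so every page view leaves a new file.
function tempJsNameUnstable(): string {
    return 'javascript_' . substr(md5(microtime()), 0, 10) . '.js';
}

// After: the name depends only on stable inputs (host name and menu config),
// so repeated requests map to the same file.
function tempJsNameStable(string $hostOnly, array $menuConf): string {
    $key = $hostOnly . '|' . serialize($menuConf);
    return 'javascript_' . substr(md5($key), 0, 10) . '.js';
}

// Write the file only if it is not there yet; return the path.
function writeTempJs(string $dir, string $name, string $js): string {
    $path = $dir . '/' . $name;
    if (!is_file($path)) {
        file_put_contents($path, $js, LOCK_EX);
    }
    return $path;
}

// Simulate $requests page views and count the files left behind.
function simulate(callable $namer, int $requests): int {
    $dir = sys_get_temp_dir() . '/typo3temp_demo_' . bin2hex(random_bytes(4));
    mkdir($dir, 0700);
    for ($i = 0; $i < $requests; $i++) {
        writeTempJs($dir, $namer(), '/* layer menu JS */');
        usleep(10); // make sure microtime() advances between "requests"
    }
    $count = count(glob($dir . '/javascript_*.js'));
    array_map('unlink', glob($dir . '/javascript_*.js'));
    rmdir($dir);
    return $count;
}

$conf = ['hideMenuTimer' => 250, 'topOffset' => 22]; // constructed sample config
$host = 'www.example.org';                           // constructed host name

printf("unstable: %d files\n", simulate('tempJsNameUnstable', 200));
printf("stable:   %d files\n", simulate(fn() => tempJsNameStable($host, $conf), 200));
```

The file count under the stable scheme is bounded by the number of distinct host and config combinations, which is what keeps request volume from translating into disk growth.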