[TYPO3-core] RFC: Bug #15282: It is impossible to set links to files any more with the link wizard

Oliver Hader oliver at typo3.org
Thu Aug 5 16:01:16 CEST 2010


Hi,

On 02.08.10 21:05, Oliver Hader wrote:
> Hi Jochen,
> 
> On 02.08.10 10:51, Jochen Rieger wrote:
>>>> http://bugs.typo3.org/view.php?id=15282
>>>>
>>>> Branches: TYPO3_4-1, TYPO3_4-2, TYPO3_4-3, TYPO3_4-4, Trunk
>>>
>>> +1 by reading and testing on 4.2.13
>>
>> I have to withdraw my +1 partially - not everything works fine. There
>> still seems to be an issue with the flexform link wizard call.
>>
>> I added a note to
>>
>> http://bugs.typo3.org/view.php?id=15282
> 
> Together with Steffen, I was no able to reproduce the behaviour. The
> source of the problem are flexform sections (not related to TemplaVoila
> at all).
> 
> Flexform sections are duplicated with plain JavaScript, the HTML code for
> that is already prerendered and will just be inserted again (with some
> replacements to IDs). Thus, there is no call to the backend with AJAX as
> we know it from IRRE - it just happens in the browser.
> 
> Thus, the calculated hash does not match anymore and the field change
> functions are invalid. Currently I don't see a possibility how to fix
> it. Maybe...
> 
> 1) Define an exception for flexform sections (no hash, but allows XSS again)
> 2) Fix the wrong flexform section behavior (complicated and would be
> very invasive and not just a one-liner)
> 3) Find surrogates/markers for the identifiers used in flexform sections
> and only apply the hash to the "abstract" field change functions. Before
> executing the JS part, the markers will be replaced by accordant
> identifiers again (very tricky)

The attached patches solve the flexform section issue as well. Flexform
sections have been integrated with TYPO3 4.2 - thus, the 4.1 patch stays
as it is.

The whole thing behind the changes:
* the element name of a flexform section field looks like
  "ID-123abc-idx1234-form"
* the "idx1234" (idx and numerical part) will be removed from
  the fieldChangeFunc expressions to check the hash

Please test the attached patches as much as possible with the regular
link wizard and flexform sections that were created in the interface but
not yet saved.

olly
-- 
Oliver Hader
TYPO3 v4 Core Team Leader
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0015282_v2_42.patch
Type: text/x-patch
Size: 3727 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100805/d01b2618/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0015282_v2_43-trunk.patch
Type: text/x-patch
Size: 3726 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100805/d01b2618/attachment-0001.bin>
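
The normalisation described in the message above, as an added example (not the code from the attached patches): the per-section counter is stripped from each fieldChangeFunc expression before the HMAC is computed and checked, so a section duplicated in the browser still verifies while any other change to the expression does not. The regular expression, the SHA-256 HMAC, the key and the updateField() expression are assumptions made for illustration.

```php
<?php
// Added illustration, not the code from the attached patches.
const DEMO_KEY = 'constructed-demo-secret'; // stand-in for the installation's secret

// Remove the per-section counter ("idx" plus digits) between two hyphens.
// The pattern is an assumption derived from "ID-123abc-idx1234-form".
function abstractFieldChangeFunc(array $fieldChangeFunc): array
{
    ksort($fieldChangeFunc); // order must not depend on how the client sent it
    foreach ($fieldChangeFunc as $name => $js) {
        $fieldChangeFunc[$name] = preg_replace('/(?<=-)idx\d+(?=-)/', '', (string)$js);
    }
    return $fieldChangeFunc;
}

// Server side, at render time: hash the abstract form only.
function signFieldChangeFunc(array $fieldChangeFunc): string
{
    return hash_hmac('sha256', serialize(abstractFieldChangeFunc($fieldChangeFunc)), DEMO_KEY);
}

// Server side, when the wizard is called: recompute and compare in constant time.
function isValidFieldChangeFunc(array $fieldChangeFunc, string $hash): bool
{
    return hash_equals(signFieldChangeFunc($fieldChangeFunc), $hash);
}

// Constructed sample data; updateField() is a hypothetical JS function.
$rendered = ['demo' => "updateField('ID-123abc-idx1234-form');"];
$hash = signFieldChangeFunc($rendered);

$submitted = [
    'unchanged'                 => $rendered,
    'section copied in browser' => ['demo' => "updateField('ID-123abc-idx1235-form');"],
    'extra statement appended'  => ['demo' => "updateField('ID-123abc-idx1234-form');extraCall();"],
    'non-numeric counter'       => ['demo' => "updateField('ID-123abc-idx12x-form');"],
];
foreach ($submitted as $label => $fieldChangeFunc) {
    printf("%-26s %s\n", $label, isValidFieldChangeFunc($fieldChangeFunc, $hash) ? 'accepted' : 'rejected');
}
```

The stripped counter is the one part of the expression the hash no longer covers, so the pattern is kept to digits between two hyphens and everything else stays under the HMAC.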

