[TYPO3-core] RFC: Bug #15282: It is impossible to set links to files any more with the link wizard

Jeff Segars jsegars at alumni.rice.edu
Thu Aug 5 18:16:45 CEST 2010


On 8/5/10 9:01 AM, Oliver Hader wrote:
> Hi,
>
> On 02.08.10 21:05, Oliver Hader wrote:
>> Hi Jochen,
>>
>> On 02.08.10 10:51, Jochen Rieger wrote:
>>>>> http://bugs.typo3.org/view.php?id=15282
>>>>>
>>>>> Branches: TYPO3_4-1, TYPO3_4-2, TYPO3_4-3, TYPO3_4-4, Trunk
>>>>
>>>> +1 by reading and testing on 4.2.13
>>>
>>> I have to withdraw my +1 partially - not everything works fine. There
>>> still seems to be an issue with the flexform link wizard call.
>>>
>>> I added a note to
>>>
>>> http://bugs.typo3.org/view.php?id=15282
>>
>> Together with Steffen, I was now able to reproduce the behaviour. The
>> source of the problem is flexform sections (not related to TemplaVoila
>> at all).
>>
>> Flexform sections are duplicated with plain JavaScript, the HTML code for
>> that is already prerendered and will just be inserted again (with some
>> replacements to IDs). Thus, there is no call to the backend with AJAX as
>> we know it from IRRE - it just happens in the browser.
>>
>> Thus, the calculated hash does not match anymore and the field change
>> functions are invalid. Currently I don't see a possibility how to fix
>> it. Maybe...
>>
>> 1) Define an exception for flexform sections (no hash, but allows XSS again)
>> 2) Fix the wrong flexform section behavior (complicated and would be
>> very invasive and not just a one-liner)
>> 3) Find surrogates/markers for the identifiers used in flexform sections
>> and only apply the hash to the "abstract" field change functions. Before
>> executing the JS part, the markers will be replaced by accordant
>> identifiers again (very tricky)
>
> The attached patches solve the flexform section issue as well. Flexform
> sections have been integrated with TYPO3 4.2 - thus, the 4.1 patch stays
> as it is.
>
> The whole thing behind the changes:
> * the element name of a flexform section field looks like
>    "ID-123abc-idx1234-form"
> * the "idx1234" (idx and numerical part) will be removed from
>    the fieldChangeFunc expressions to check the hash
>
> Please test the attached patches as much as possible with the regular
> link wizard and flexform sections that were created in the interface but
> not yet saved.
>
> olly

+1 on reading and testing with 4.3, 4.4, and trunk. Thanks Olly!
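
The check described in the quoted mail, sketched as an added example (not the attached patches and not TYPO3 core code): the section index is stripped from the fieldChangeFunc expressions before the keyed hash is computed, so a section duplicated in the browser still validates while any other change to the expression does not. The key, the function names, the `fieldChanged()` call, the regular expression and the sample values are assumptions made for this illustration.

```php
<?php
// Added illustration; not TYPO3 core code. All names and values below are constructed.
const SECRET_KEY = 'constructed-demo-key'; // stands in for the installation's secret

// Remove the per-section index ("idx" + digits) from element names shaped like
// "ID-123abc-idx1234-form", so browser-side copies normalise to the same string.
function normalizeFieldChangeFunc(array $funcs): array
{
    $normalized = [];
    foreach ($funcs as $name => $js) {
        // Keep the pattern narrow: only "-idx<digits>-" is dropped, so everything
        // else in the expression stays covered by the hash.
        $normalized[$name] = preg_replace('/-idx\d+-/', '-', $js);
    }
    ksort($normalized); // stable order regardless of how the array was built
    return $normalized;
}

// Keyed hash over the normalised expressions.
function fieldChangeFuncHash(array $funcs): string
{
    return hash_hmac('sha256', serialize(normalizeFieldChangeFunc($funcs)), SECRET_KEY);
}

// Constant-time comparison of the submitted hash against the recomputed one.
function isValidFieldChangeFunc(array $funcs, string $hash): bool
{
    return hash_equals(fieldChangeFuncHash($funcs), $hash);
}

// Rendered on the server for the prerendered section markup (constructed sample).
$rendered = ['change' => "fieldChanged('ID-123abc-idx1234-form');"];
$hash = fieldChangeFuncHash($rendered);

// Section duplicated in the browser: same expression, new index, no backend call.
$duplicated = ['change' => "fieldChanged('ID-123abc-idx5678-form');"];

// Expression changed beyond the index: must be rejected.
$tampered = ['change' => "fieldChanged('ID-123abc-idx5678-form');extraCall();"];

var_dump(isValidFieldChangeFunc($rendered, $hash));
var_dump(isValidFieldChangeFunc($duplicated, $hash));
var_dump(isValidFieldChangeFunc($tampered, $hash));
```

The first two calls validate and the third does not. Widening the stripped pattern beyond digits would let that part of the expression escape the hash, which is the XSS exposure option 1 in the quoted mail refers to.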

