[TYPO3-core] FYI: Fixed bug #15263: Clearing caches in backend only displays empty frame
Oliver Hader
oliver at typo3.org
Fri Jul 30 13:46:24 CEST 2010
The following changes were committed to SVN TYPO3_4-1 (rev. 8453)
Type: Bugfix
Bugtracker references:
http://bugs.typo3.org/view.php?id=15263
Branch: TYPO3_4-1
Problem:
Clearing caches in backend only displays empty frame - applies for the
typo3conf and the frontend cache. The problem was introduced with the
recent security fixes and a quickfix concerning
t3lib_div::sanitizeLocalUrl().
Solution:
The intention of sanitizeLocalUrl() and sanitizeBackendUrl() is
completely different. Thus, sanitizeLocalUrl() was backported from
TYPO3_4-2 to TYPO3_4-1 an andopted to work with PHP4 (stripos,
filter_var and RemoveXSS which are not possible nor available for
TYPO3_4-1).
Notes:
Securitywise Helmut Hummel from the TYPO3 Security Team already hat a
look to this patch.
olly
--
Oliver Hader
TYPO3 v4 Core Team Leader
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0015263_v2.patch
Type: text/x-patch
Size: 3174 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100730/cae8d8e2/attachment.bin>
More information about the TYPO3-team-core
mailing list