[TYPO3-core] RFC #12990 : referrer in felogin form is not encoded correctly
Jigal van Hemert
jigal at xs4all.nl
Sun May 16 22:49:04 CEST 2010
Benjamin Mack wrote:
> just by reading: the function is "htmlspecialchars()" not
> "htmlspecialchar()".

Auch!
Note to self: write 100 times "I shall not save files after testing them"

> Also, any steps on how to produce this obvious one quickly?

On the English list someone had TYPO3 installed in a subdirectory '/cms'
and felogin with referrer redirect. The redirect went to:
/cms/http://www.mydomain.com/cms/index.php?id=12
After removing the rawurlencode() it worked.
However coming from a URL with extra query parameters there was an '&'
in the url, so the page would not validate. htmlspecialchars() was needed.

> Steffen K: I think there was a recent RFC (two months ago or so) where
> rawurlencode() was introduced. Any reasons why we used "rawurlencode()"
> and not HSC?

The rawurlencode() got in with #10327 on 7-12-2009 with rev 6638 (4_3)
and 6639 (trunk) (v5 of the patch). It was first introduced in v3 on
22-9-2009. Susanne spotted the problem on 13-10-2009, but it was not
attributed to the rawurlencode() and the conclusion was "it shows that
the redirect basically works :-)"

And attached version 2 with the correct spelling.

@Benni: can this get your vote to get it committed?
--
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 12990_trunk_v2.patch
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100516/7556e08a/attachment.asc>
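Added example, not part of the original message or the attached patch: a PHP sketch of why the encoding function has to match the output context when a referrer URL is written into a hidden form field. The field name `referer`, the sample URL and the helper names are assumptions; the browser round trip is simulated rather than taken from felogin's code.

```php
<?php
// Constructed sample referrer; host and parameters are illustrative.
$referrer = 'http://www.example.com/cms/index.php?id=12&L=1';

// Render a hidden form field, encoding the value with the given function.
// The field name "referer" is an assumption for this example.
function hiddenField(string $value, callable $encode): string
{
    return '<input type="hidden" name="referer" value="' . $encode($value) . '" />';
}

// Simulate the round trip of the field value: the browser HTML-decodes the
// attribute, percent-encodes it for the POST body, and PHP percent-decodes
// it exactly once when filling $_POST.
function roundTrip(string $field): string
{
    preg_match('/value="([^"]*)"/', $field, $m);
    $inBrowser = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
    return urldecode(urlencode($inBrowser));
}

$encoders = [
    'no encoding'      => fn(string $v): string => $v,
    'rawurlencode'     => 'rawurlencode',
    'htmlspecialchars' => fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'),
];

foreach ($encoders as $name => $encode) {
    $field    = hiddenField($referrer, $encode);
    $received = roundTrip($field);
    // A bare "&" that does not start an entity makes the markup invalid.
    $bareAmp  = preg_match('/&(?![a-z]+;|#\d+;)/i', $field) === 1;
    // Without a scheme the value is no longer recognisable as an absolute URL.
    $absolute = is_string(parse_url($received, PHP_URL_SCHEME));

    printf("%s\n  field:     %s\n  received:  %s\n", $name, $field, $received);
    printf("  unchanged: %s, absolute URL: %s, bare '&' in markup: %s\n\n",
        var_export($received === $referrer, true),
        var_export($absolute, true),
        var_export($bareAmp, true));
}
```

Only the HTML-escaped variant both survives the round trip unchanged and leaves no bare `&` in the markup; the percent-encoded variant arrives still encoded because HTML attribute parsing does not undo URL encoding.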