[TYPO3-core] RFC #12990 : referrer in felogin form is not encoded correctly

Jigal van Hemert jigal at xs4all.nl
Sat May 29 08:49:36 CEST 2010


REMINDER

Jigal van Hemert wrote:
> Benjamin Mack wrote:
>> just by reading: the function is "htmlspecialchars()" not 
>> "htmlspecialchar()". 
> 
> Ouch!
> Note to self: write 100 times "I shall not save files after testing them".
> 
>> Also, any steps on how to produce this obvious one quickly?
> 
> On the English list someone had TYPO3 installed in a subdirectory '/cms' 
> and felogin with referrer redirect. The redirect went to:
>     /cms/http://www.mydomain.com/cms/index.php?id=12
> 
> After removing the rawurlencode() it worked.
> 
> However, coming from a URL with extra query parameters there was an '&' 
> in the URL, so the page would not validate. htmlspecialchars() was needed.
> 
>> Steffen K: I think there was a recent RFC (two months ago or so) where 
>> rawurlencode() was introduced. Any reasons why we used 
>> "rawurlencode()" and not HSC?
> 
> The rawurlencode() got in with #10327 on 7-12-2009 with rev 6638 (4_3) 
> and 6639 (trunk) (v5 of the patch). It was first introduced in v3 on 
> 22-9-2009. Susanne spotted the problem on 13-10-2009, but it was not 
> attributed to the rawurlencode() and the conclusion was "it shows that 
> the redirect basically works :-)"
> 
> And attached version 2 with the correct spelling.
> 
> @Benni: can this get your vote to get it committed?
> 


-- 
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
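
The encoding mismatch discussed in this thread, as an added example that is not part of the original mail or the attached patch: a simplified PHP model of a hidden form field making a round trip through the browser. The sample URL, the field name `referer` and all helper functions are constructed for illustration and are not felogin's code.

```php
<?php
// Constructed sample referrer with two query parameters.
$referrer = 'http://www.mydomain.com/cms/index.php?id=12&L=1';

// Hypothetical helper: emit the hidden field using the given encoder.
function hiddenField(string $value, callable $encode): string
{
    return '<input type="hidden" name="referer" value="' . $encode($value) . '" />';
}

// Model of the browser: it reads the attribute and undoes HTML entities only.
function submittedValue(string $html): string
{
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// A bare '&' inside an attribute is what makes the page fail validation.
function hasBareAmpersand(string $html): bool
{
    return preg_match('/&(?!(?:[a-z]+|#\d+);)/i', $html) === 1;
}

$encoders = [
    'none'             => function (string $v): string { return $v; },
    'rawurlencode'     => 'rawurlencode',
    'htmlspecialchars' => function (string $v): string {
        return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
    },
];

foreach ($encoders as $name => $encode) {
    $html = hiddenField($referrer, $encode);
    $back = submittedValue($html);
    printf(
        "%-16s ampersand escaped: %-3s  round trip: %-3s  starts with scheme: %s\n",
        $name,
        hasBareAmpersand($html) ? 'no' : 'yes',
        $back === $referrer ? 'yes' : 'no',
        preg_match('#^https?://#i', $back) === 1 ? 'yes' : 'no'
    );
}
```

Only the htmlspecialchars() variant both escapes the ampersand in the markup and hands the original URL back on submit; the rawurlencode() variant returns a value that no longer begins with a scheme.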

