[TYPO3-core] RFC #12990 : referrer in felogin form is not encoded correctly
Jigal van Hemert
jigal at xs4all.nl
Sat May 29 08:49:36 CEST 2010
REMINDER
Jigal van Hemert wrote:
> Benjamin Mack wrote:
>> just by reading: the function is "htmlspecialchars()" not
>> "htmlspecialchar()".
>
> Ouch!
> Note to self: write 100 times "I shall not save files after testing them"
>
>> Also, any steps on how to produce this obvious one quickly?
>
> On the English list someone had TYPO3 installed in a subdirectory '/cms'
> and felogin with referrer redirect. The redirect went to:
> /cms/http://www.mydomain.com/cms/index.php?id=12
>
> After removing the rawurlencode() it worked.
>
> However, coming from a URL with extra query parameters there was an '&'
> in the URL, so the page would not validate. htmlspecialchars() was needed.
>
>> Steffen K: I think there was a recent RFC (two months ago or so) where
>> rawurlencode() was introduced. Any reasons why we used
>> "rawurlencode()" and not HSC?
>
> The rawurlencode() got in with #10327 on 7-12-2009 with rev 6638 (4_3)
> and 6639 (trunk) (v5 of the patch). It was first introduced in v3 on
> 22-9-2009. Susanne spotted the problem on 13-10-2009, but it was not
> attributed to the rawurlencode() and the conclusion was "it shows that
> the redirect basically works :-)"
>
> And attached version 2 with the correct spelling.
>
> @Benni: can this get your vote to get it committed?
>
--
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
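
An added example, not part of the original mail or of the felogin code: it compares the two encoders from the thread on a referrer value placed in a hidden form field, and shows what comes back after the browser submits it. The field name, the sample URL with its extra `L=1` parameter, and the `isAbsoluteUrl()` check are assumptions made for illustration.

```php
<?php
// Constructed sample: a referrer with an extra query parameter, as in the thread.
$referrer = 'http://www.mydomain.com/cms/index.php?id=12&L=1';

// Hidden field built from an already-encoded value (field name is an assumption).
function hiddenField(string $encoded): string
{
    return '<input type="hidden" name="referer" value="' . $encoded . '" />';
}

// What the server receives after submit: the browser decodes HTML entities
// in the attribute value, but it does not undo percent-encoding.
function valueAfterSubmit(string $encoded): string
{
    return html_entity_decode($encoded, ENT_QUOTES, 'UTF-8');
}

// Hypothetical check a redirect routine might make before using the value.
function isAbsoluteUrl(string $url): bool
{
    $parts = parse_url($url);
    return is_array($parts) && isset($parts['scheme'], $parts['host']);
}

$variants = [
    // URL-component encoding: wrong context for an HTML attribute.
    'rawurlencode'     => rawurlencode($referrer),
    // HTML attribute encoding: '&' becomes '&amp;', so the markup validates.
    'htmlspecialchars' => htmlspecialchars($referrer, ENT_QUOTES, 'UTF-8'),
];

foreach ($variants as $name => $encoded) {
    $received = valueAfterSubmit($encoded);
    echo $name, "\n";
    echo '  markup:   ', hiddenField($encoded), "\n";
    echo '  received: ', $received, "\n";
    echo '  absolute: ', isAbsoluteUrl($received) ? 'yes' : 'no', "\n";
    echo '  intact:   ', $received === $referrer ? 'yes' : 'no', "\n";
}
```

With rawurlencode() the received value is still percent-encoded and no longer parses as an absolute URL; with htmlspecialchars() the original URL comes back unchanged.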