[TYPO3-core] RFC #12990 : referrer in felogin form is not encoded correctly

Steffen Kamper info at sk-typo3.de
Sun May 30 21:43:44 CEST 2010


Hi,

Martin Kutschker wrote:
> Benjamin Mack wrote:
>> Hey Jigal,
>>
>> just by reading: the function is "htmlspecialchars()" not
>> "htmlspecialchar()". Also, any steps on how to produce this obvious one
>> quickly?
>>
>> Steffen K: I think there was a recent RFC (two months ago or so) where
>> rawurlencode() was introduced. Any reasons why we used "rawurlencode()"
>> and not HSC?
> 


The reason is/was simple: the referrer may contain URLs with params like ? and &.
If this is used in a URL as a single parameter, rawurlencoded is needed.
I don't see that HSC is correct here.

Best regards, Steffen
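
The two encodings discussed in this thread, shown side by side as an added example (not code from felogin or from any poster): a referrer URL carried as a single query parameter, then the resulting URL written into HTML. The parameter name `referer` and all URLs are constructed for illustration.

```php
<?php
// Added example; the parameter name "referer" and all URLs are constructed.
$referrer = 'https://example.org/index.php?id=12&type=1&q=a b';

/** Parse the query string of $url into an array, as PHP does for $_GET. */
function queryParams(string $url): array
{
    $query = explode('?', $url, 2)[1] ?? '';
    parse_str($query, $params);
    return $params;
}

// Context 1: the referrer is ONE parameter value inside another URL.
$naive   = 'index.php?id=5&referer=' . $referrer;
$encoded = 'index.php?id=5&referer=' . rawurlencode($referrer);

// Unencoded: the value is cut at the first "&" and the remainder is read
// as extra parameters (type, q) of the outer URL.
var_dump(queryParams($naive));

// rawurlencode(): the receiving side gets the referrer back unchanged.
var_dump(queryParams($encoded)['referer'] === $referrer);

// htmlspecialchars() alone in context 1: "&" becomes "&amp;", which still
// contains a literal "&" for the query-string parser, so the value is cut.
$hscOnly = 'index.php?id=5&referer='
    . htmlspecialchars($referrer, ENT_QUOTES, 'UTF-8');
var_dump(queryParams($hscOnly)['referer'] === $referrer);

// Context 2: writing the finished URL into HTML markup is a separate step;
// there htmlspecialchars() escapes it for the attribute value.
echo '<a href="' . htmlspecialchars($encoded, ENT_QUOTES, 'UTF-8') . '">back</a>',
    PHP_EOL;
```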

