[TYPO3-core] FYI72 #15936: Bug: [Caching framework] Entry identifier needs to be sanitized in FileBackend
Christian Kuhn
lolli at schwarzbu.ch
Fri Oct 8 16:19:07 CEST 2010
Hey,
On 10/08/2010 04:02 PM, Martin Kutschker wrote:
> Stupid question: is it documented which characters are valid for an entry identifier?
Yes, they must survive a regex check in interface
t3lib_cache_frontend_Frontend:
const PATTERN_ENTRYIDENTIFIER = '/^[a-zA-Z0-9_%\-&]{1,250}$/';
So, with usual usage of caches through the frontend inteface, described
issue won't pop up anyway. It's just an additional sanitizing which
mitigates a possible weakness if the cache backend is ever used directly
(eg. in unit tests).
Regards
Christian
More information about the TYPO3-team-core
mailing list