[TYPO3-core] RFC #16891: Bug: showpic.php causes a fatal error if parameters GET variable is not an array
Helmut Hummel
helmut.hummel at typo3.org
Sat Jan 15 23:04:36 CET 2011
REMINDER #1
On 02.01.11 16:20, Helmut Hummel wrote:
> Hi,
>
> This is a SVN patch request.
>
> Type: Bugfix
>
> Branches: trunk, 4.4, 4.3
>
> Problem:
> After upgrading to TYPO3 version 4.3.9, the URL to the showpic
> functionality changed (see #16485). Since search engines still may have
> these old URLs in the index, the call to this URL will lead to a fatal
> PHP error, since the parameters GET variable is not used there.
>
> Solution:
> Check if the parameters are transmitted and are an array.
>
> Notes:
> For trunk it would be a further improvement to replace the die() calls
> with an exception. For this to work properly the error handler must be
> initialized. The advantage in doing so is a nicer error message and a
> 500 HTTP header being sent, forcing the search engines to (hopefully)
> not index this URL.
>
> For 4.4 I also removed the unnecessary use of the encryption key, which
> was also introduced in #16485. This will of course also change the hash
> of the showpic functionality, but using the encryption key there is
> misleading, so I would change it nevertheless.
>
> Additional note:
> Thanks to Steffen Ritter for reporting.
>
>
> Kind regards,
> Helmut
>
Kind regards,
Helmut
--
Helmut Hummel
TYPO3 Security Team Leader
TYPO3 .... inspiring people to share!
Get involved: typo3.org