Project

General

Profile

Actions
Copy link

Bug #95941

closed

Prevent crashes in reference index update due to invalid user input

Added by Alexander Stehlik over 2 years ago. Updated 11 months ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
DataHandler aka TCEmain
Target version:
-
Start date:
2021-11-10
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Currently an editor can cause crashes in the referenceindex:update command by entering invalid data in link fields (e.g. the header_link).

The first scenario is the safeguard in the TypolinkSoftReferenceParser against phar:// URLs. When the user enters such an URL the Backend crashes with an Exception and the update command will always fail until the invalid URL is removed.

The same happens with a combination of a slash / in the link value and a special char that is denied by the filename sanitation. Then the softref parser crashes with an InvalidPathException. Example: bla/blubb<specialchar>test (replace specialchar with this).

IMO editor input should not cause these kinds of Exceptions. Instead the errors should be catched / logged and additionally the validation of link input could be improved to deny disallowed URLs from the start.

Related issues 1 (1 open0 closed)

Related to TYPO3 Core - Bug #101618: TypolinkSoftReferenceParser throws warnings and "referenceindex:update" crashes if the LinkService encounters stale t3:// URLsNew2023-08-08

Actions
Actions
Copy link

Also available in: Atom PDF