Bug #101614
open
Site config: Placeholders in imported files are not allowed
0%
Description
Given the following site config:
# sites/main/config.yaml
imports:
- { resource: '../include.yaml' }
errorHandling: { }
languages:
-
title: English
enabled: true
languageId: 0
base: /
locale: en_US.UTF-8
navigationTitle: English
flag: us
rootPageId: 1
routes: { }
This is the external file which is registered as import resource:
# sites/include.yaml
base: '%env(DDEV_PRIMARY_URL)%'
Everything works fine in Frontend and the base url is correctly imported and resolved.
However, when the site config is opened in the site module, an exception is thrown when the site config is being saved:
This exception prevents the site config from being updated.
I was able to confirm this behavior for v11, v12 and main.
That's the line where the exception is thrown: https://github.com/TYPO3/typo3/blob/v12.4.4/typo3/sysext/core/Classes/Configuration/Loader/YamlPlaceholderGuard.php#L89
The behavior seems to be related to a security fix introduced with #89401 and is probably there since TYPO3 10.4.
Files
Updated by Gerrit Code Review 9 months ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80454
Updated by Gerrit Code Review 9 months ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80454