Bug #106298

open

Malformed URI in siteconfig takes down entire TYPO3 instance

Added by Morten Haggren 12 days ago. Updated 11 days ago.

Status: Under Review
Priority: Should have
Assignee: -
Category: Site Handling, Site Sets & Routing
Target version: -
Start date: 2025-03-04
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 13
PHP Version: 8.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Summary

It is possible to save a site config with a 'base' / 'Entry point' that is malformed. Doing so will crash the entire TYPO3 instance to a point where recovery requires direct file access outside of TYPO3.

Steps to reproduce

  1. Edit or create a new site config, enter a malformed URI ( "//https:domain.tld/" ) in "Entry point"
  2. Save the config

The TYPO3 instance is no longer usable ( frontend(s), backend or install tool ) - the error is 'InvalidArgumentException: The parsedUri "//https:domain.tld/" appears to be malformed'

This error originally occurred in an LTS 10 instance, but can be reproduced in LTS 13 as well.

NB. In testing, the installation doesn't seem to crash if there is a valid 'Variants for the Entry Point' that would be active.

Desired outcome

The user should either be prevented from saving a site config with an invalid/malformed URI, or the site config should be ignored entirely if it cannot be validated; this way at least the user has a chance to correct the issue in TYPO3.

Other notes

The user swears that they copied the URL from their browser and pasted it in the field, so it's possible that it somehow got mangled during the save ( e.g. if pasted after/inside an existing URI ).
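
The two outcomes asked for above (reject the value on save, or skip the unusable site config on load), sketched in plain PHP as an added example that is not TYPO3 core code and not the patch under review. `entryPointError()` and `partitionSites()` are hypothetical names, the site array is constructed, and the check assumes an entry point is a literal http(s) URL, a scheme-less `//host/` form, or a path starting with `/`.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper, not a TYPO3 API: returns null when $base is usable
 * as an entry point, otherwise the reason it is rejected.
 */
function entryPointError(string $base): ?string
{
    $base = trim($base);
    if ($base === '') {
        return 'entry point is empty';
    }
    $parts = parse_url($base);
    if ($parts === false) {
        // The case from the report: "//https:domain.tld/" is unparsable.
        return 'entry point cannot be parsed as a URI';
    }
    if (isset($parts['scheme'])) {
        if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            return 'scheme must be http or https';
        }
        // "https:domain.tld/" parses, but only as scheme + path, with no host.
        return empty($parts['host']) ? 'absolute entry point has no host' : null;
    }
    if (empty($parts['host']) && !str_starts_with($parts['path'] ?? '', '/')) {
        return 'relative entry point must start with "/"';
    }
    return null;
}

/** Splits site configs into usable ones and rejected ones (identifier => reason). */
function partitionSites(array $sites): array
{
    $usable = $rejected = [];
    foreach ($sites as $identifier => $config) {
        $error = entryPointError((string)($config['base'] ?? ''));
        if ($error === null) {
            $usable[$identifier] = $config;
        } else {
            $rejected[$identifier] = $error; // report it, do not abort every request
        }
    }
    return [$usable, $rejected];
}

// Constructed sample data; 'broken' carries the value from the report.
$sites = ['main' => ['base' => 'https://domain.tld/'], 'broken' => ['base' => '//https:domain.tld/'], 'local' => ['base' => '/']];
[$usable, $rejected] = partitionSites($sites);
print_r(array_keys($usable));
print_r($rejected);
```

Calling the same check from the save path would cover the first desired outcome, and the `$rejected` map gives the backend something to show the editor so the value can be corrected without file access.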

Actions #1

Updated by Gerrit Code Review 11 days ago

  • Status changed from New to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/88483

Actions #2

Updated by Gerrit Code Review 11 days ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/88483
