Project

General

Profile

Actions

Bug #14530

closed

The backend menu has ugly URLS like "mod/ext/../../something.php"

Added by Allan Jacobsen almost 20 years ago. Updated over 18 years ago.

Status:
Closed
Priority:
Could have
Category:
Backend API
Target version:
-
Start date:
2005-02-04
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
3.7.0
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The real problem with URLs like described in the summary is that they are blocked by our checkpoint firewall as the ../.. is a pattern that is a possible security risk.

I dont know enough about the backend to solve this the right way, but i traced some of the urls to typo3/class.alt_menu_functions.inc where i inserted this line "$link = preg_replace('/\w+\/\.\.\//','',$link);" 3 time in the wrapLinkWithAB($link) function near the buttom of the file. This solves the problem enough to be able to use the backend except for the filelist item.
(issue imported from #M750)


Files

0000750-urlfix.diff (1.63 KB) 0000750-urlfix.diff Administrator Admin, 2005-02-07 10:08
0000750-11_resolveBackPath.diff (2.17 KB) 0000750-11_resolveBackPath.diff Administrator Admin, 2005-03-28 18:22
Actions

Also available in: Atom PDF