Bug #16090
closed
t3lib_parsehtml_proc::TS_links_rte: external url identification leak
0%
Description
If a full qualified url to an internal network space was configured in RTE, like
<LINK http://myinternalserver/abc/xyz/ >
this is transformed by TS_links_rte into
<a href="http://mytypo3sitedomain/http://myinternalserver/abc/xyz" ...>...</a>
This happens because $urlChar is not identified as checked for single point '.' only, which is not part of my internal server name. As a result the link is identified as a FILE link and on this case the typo3 siteurl is prepended.
I hotfixed this by making the condition (strstr($link_param,'//')) a standalone OR part without asking for $urlChar. But in worst case this will also identify dirty windows-filelinks as external urls (//sambashare/folder/file.ext).
The url scheme identification should be re-evaluated with all facettes links can be defined with. It should also be re-evaluated if the typo3 site url needs to be prepended on file links (i think it does not).
This bug also affects earlier versions of typo3 (detected in 3.7), but its still there in 4.0
My fixed line #14494:
} elseif(strstr($link_param,'//') || ($urlChar && (!$fileChar || $urlChar<$fileChar))) { // url (external): If doubleSlash or if a '.' comes before a '/'.
(issue imported from #M3348)
Updated by Alexander Opitz over 11 years ago
- Category deleted (
Communication) - Status changed from Accepted to Needs Feedback
- Target version deleted (
0) - PHP Version deleted (
4)
The issue is very old, does this issue exists in newer versions of TYPO3 CMS (4.5 or 6.1)?
Updated by Alexander Opitz about 11 years ago
- Status changed from Needs Feedback to Closed
No feedback for over 90 days.