Bug #16814
closed
Upgrading rtehtmlarea from 1.1.6 to 1.2.1 makes internal link not working
0%
Description
I upgrade rtehtmlarea (Security Bulletin TYPO3-20061220-1) , but internal link doesn't works anymore
this is my configuration:
RTE.default {
enableWordClean = 1
showTagFreeClasses = 0
useCSS = 0
hidePStyleItems = address, pre
showButtons = *
hideTableOperationsInToolbar = 1
keepToggleBordersInToolbar = 1
disableSelectColor = 1
disableAlignmentFieldsetInTableOperations = 1
disableSpacingFieldsetInTableOperations = 1
disableColorFieldsetInTableOperations = 1
disableLayoutFieldsetInTableOperations = 1
disableBordersFieldsetInTableOperations = 1removeComments = 1- il tag font qui rompe il BOLD su IE!
removeTags = img, sdfield, blink, applet, basefont, center, dir, isindex, menu, s, strike, blockquote
classesCharacter =toolbarOrder (
formatblock, space, textindicator, space, undo, redo, bar, copy, cut, paste, bar, bold, italic, underline, bar, unorderedlist, orderedlist, linebreak,
blockstylelabel, blockstyle, link, table, removeformat, insertcharacter, bar, about,
toggleborders, tableproperties, rowproperties, rowinsertabove, rowinsertunder, rowdelete, rowsplit, columninsertbefore, columninsertafter, columndelete, columnsplit, cellproperties, cellinsertbefore, columninsertafter, celldelete, cellsplit, cellmerge,
)proc >
proc {
dontConvBRtoParagraph = 1allowTags = dl, dt, dd
denyTags = font, center
preserveTables = 1entryHTMLparser_db >exitHTMLparser_db = 1
exitHTMLparser_db {
allowTags (
table, tbody, thead, tfoot, tr, th, td, caption,
h1, h2, h3, h4, h5, h6, br,
ul, ol, li, dl, dd, dt, pre, p, div, span,
strong, em, b, i, u, link, q, cite, abbr, acronym,
)xhtml_cleaning = 0
noAttrib = b, i, br, span, li, tr, strong, emtags {
ul.overrideAttribs = class="rte_ul"
ol.overrideAttribs = class="rte_ol"
div.allowedAttribs = 0table.fixAttrib.width.unset = 1
table.fixAttrib.class.removeIfEquals = htmlarea-showtableborders
th.fixAttrib.width.unset = 1
td.fixAttrib.width.unset = 1
tr.fixAttrib.width.unset = 1h1.overrideAttribs = class="rte_header"
h2.overrideAttribs = class="rte_header"
h3.overrideAttribs = class="rte_header"
h4.overrideAttribs = class="rte_header"
h5.overrideAttribs = class="rte_header"
h6.overrideAttribs = class="rte_header"
p.allowedAttribs = classp.fixAttrib.class.list = align_right, align_center
p.fixAttrib.removeIfFalse = blank
span.allowedAttribs = classb.remap = strong
i.remap = em
}
}
}
}RTE.default.FE.proc < RTE.default.proc
(issue imported from #M4708)
Files
Updated by Simone Caramel over 17 years ago
The error is:
Errore: document.ltargetform.anchor_class has no properties
File sorgente: http://www.provincia.pu.it/typo3conf/ext/rtehtmlarea/mod3/browse_links.php?act=url&mode=rte&RTEtsConfigParams=tt_content%3A1829%3Abodytext%3A1427%3Atextpic%3A1427%3A&typo3ContentLanguage=it&typo3ContentCharset=iso-8859-1
Riga: 77
Updated by Simone Caramel over 17 years ago
Without my tsconfig the internal link doesn't works too ...
Updated by Tom Walter over 17 years ago
I can confirm this behavior in another 3.8.1 installation. We cannot add links to files through RTE.
I get the same javascript error as mentioned above.
Since this error came with the Update due to the necessary security update we were not able to test well and now I face an angry customer ...
I will add a sponsorship for this bug and hope it will be solved soon.
Thanks
Updated by Olaf Bottek over 17 years ago
Just created a small patch for it, since I run into the same problems with a customer. I added the replacement file as well as the diff and the explaination of what to do, which I will repeat here as well. By the way it is a shame for the security team to advice the usage of a not working extension. It is very clear that they have not checked this at all on functionality. Anyhow, here is how it goes:
In:
/<your-site>/typo3/ext/rtehtmlarea/mod3/browse_links.php
Replace:
setClass(document.ltargetform.anchor_class.value);
by:
if (document.ltargetform.anchor_class) setClass(document.ltargetform.anchor_class.value);
in lines:
901, 908, 914, 920
This solves links to pages, files, external urls and email addresses.
Updated by Peter Niederlag about 17 years ago
Hello Olaf,
we greatly appreciate your application for the security team or any other position. I fixed the stuff and since I didn't change one single line other than the problem I just can't believe I broke anything.
the problem rather was the hight amount of different versions of rtehtmlarea and which one of this has been most bugfree / tested with differnet versions of TYPO3. I am sorry, I spent five full days on the problem. Now you want to yell at me/the team, that we didn't test verything? Come on, chill down!
Ok, let's not misuse the bugtracker for personal disputes.
I'll see if I can provide some later on fixing for this whole thing.
meanwhile you can help by telling me which version of htmlarea you had been using with 3.8.1 without problems and where you had gotten that from.
keep in mind, the usual maintainer has sigend of for a year, and we are not very sure which version was working with which TYPO3 and we did our best by RTFM.
Cheers,
Peter
Updated by Tom Walter about 17 years ago
I don't want to get involved in anything personal here but I appreciate the fix Olaf provided. It works well in my installation as well.
I am not 100% sure which rtehtmlarea I used before the security-fix. I might have been an version called 1.0.0. (last entry in the changelog was dd. 2005-11-10 by Stanislas Rolland with Version 0.7.6.
At least this is the version I found in an developing installation for this project and I can't remember that I updated rtehtmlarea.
Tonight I tried to set an link in this developing installation which worked fine. Than I updated rtehtmlarea to 1.2.1 and again hat the same problem. After changing the file Olaf provided it worked again.
So maybe it still helps some other people to update the TER ?
Tom
Updated by Olaf Bottek about 17 years ago
Hi Peter,
I fixed the stuff and since I didn't change one single line other than the
problem I just can't believe I broke anything.
Come on, chill down!
Ok, let's not misuse the bugtracker for personal disputes.
Well I totally agree not to do start personal disputes, but that is not what I did. When I criticize the "security team" of providing an important upgrade advice to a not working version, than this is not personal. I don't know someone from the security team, but thought that there are at least two people looking for something when it comes to security. And when a version is suggested for usage from the security team, it should be checked not only on a few already known problematic lines.
I understand that it is not an easy job to fix problems of someone else' extension, but hey, this one was easy to reproduce and easy to fix as well. I was surprised myself that it took a month for people to realize this, which leads to certain ideas for me:
1. nobody is using 3.8.x anymore
2. nobody is following the security announces
3. the users have not yet realized the bug
4. if they realized it, they maybe went back to an earlier version, that doesn't has this bug, but of course the security problem
Peter, don't get me wrong here. I really appreciate a good security team and until now, your team has reacted quiet fast and in a good way. I'm sure that next time you guys will take it even one step further to avoid problems like this.
meanwhile you can help by telling me which version of htmlarea you had
been using with 3.8.1 without problems and where you had gotten that from.
I just tried to find out, but I realized that the source was not taken into the the backups, so I can't say which version it was - I think it was 1.01 or something like that. I know this is not really helpful - need to talk to our admin about this.
keep in mind, the usual maintainer has sigend of for a year, and we are not
very sure which version was working with which TYPO3 and we did our best
by RTFM.
;-) keep up the good work!
Greetings,
Olaf
Updated by Stanislas Rolland over 13 years ago
This is very old stuff. The problem does not arise in currently supported versions of TYPO3.
Closing the issue.
Updated by