Project

General

Profile

Actions

Bug #16814

closed

Upgrading rtehtmlarea from 1.1.6 to 1.2.1 makes internal link not working

Added by Simone Caramel almost 18 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Category:
-
Target version:
-
Start date:
2006-12-28
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
3.8
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

I upgrade rtehtmlarea (Security Bulletin TYPO3-20061220-1) , but internal link doesn't works anymore

this is my configuration:

RTE.default {
enableWordClean = 1
showTagFreeClasses = 0
useCSS = 0
hidePStyleItems = address, pre

showButtons = *
hideTableOperationsInToolbar = 1
keepToggleBordersInToolbar = 1
disableSelectColor = 1
disableAlignmentFieldsetInTableOperations = 1
disableSpacingFieldsetInTableOperations = 1
disableColorFieldsetInTableOperations = 1
disableLayoutFieldsetInTableOperations = 1
disableBordersFieldsetInTableOperations = 1
removeComments = 1
  1. il tag font qui rompe il BOLD su IE!
    removeTags = img, sdfield, blink, applet, basefont, center, dir, isindex, menu, s, strike, blockquote
classesCharacter =
toolbarOrder (
formatblock, space, textindicator, space, undo, redo, bar, copy, cut, paste, bar, bold, italic, underline, bar, unorderedlist, orderedlist, linebreak,
blockstylelabel, blockstyle, link, table, removeformat, insertcharacter, bar, about,
toggleborders, tableproperties, rowproperties, rowinsertabove, rowinsertunder, rowdelete, rowsplit, columninsertbefore, columninsertafter, columndelete, columnsplit, cellproperties, cellinsertbefore, columninsertafter, celldelete, cellsplit, cellmerge,
)
proc >
proc {
dontConvBRtoParagraph = 1
allowTags = dl, dt, dd
denyTags = font, center
preserveTables = 1
entryHTMLparser_db >
exitHTMLparser_db = 1
exitHTMLparser_db {
allowTags (
table, tbody, thead, tfoot, tr, th, td, caption,
h1, h2, h3, h4, h5, h6, br,
ul, ol, li, dl, dd, dt, pre, p, div, span,
strong, em, b, i, u, link, q, cite, abbr, acronym,
)
xhtml_cleaning = 0
noAttrib = b, i, br, span, li, tr, strong, em
tags {
ul.overrideAttribs = class="rte_ul"
ol.overrideAttribs = class="rte_ol"
div.allowedAttribs = 0
table.fixAttrib.width.unset = 1
table.fixAttrib.class.removeIfEquals = htmlarea-showtableborders
th.fixAttrib.width.unset = 1
td.fixAttrib.width.unset = 1
tr.fixAttrib.width.unset = 1
h1.overrideAttribs = class="rte_header" 
h2.overrideAttribs = class="rte_header"
h3.overrideAttribs = class="rte_header"
h4.overrideAttribs = class="rte_header"
h5.overrideAttribs = class="rte_header"
h6.overrideAttribs = class="rte_header"
p.allowedAttribs = class
p.fixAttrib.class.list = align_right, align_center
p.fixAttrib.removeIfFalse = blank
span.allowedAttribs = class
b.remap = strong
i.remap = em
}
}
}
}

RTE.default.FE.proc < RTE.default.proc

(issue imported from #M4708)


Files

browse_links.php.tar.gz (40.3 KB) browse_links.php.tar.gz Administrator Admin, 2007-01-22 14:35
Actions #2

Updated by Simone Caramel almost 18 years ago

Without my tsconfig the internal link doesn't works too ...

Actions #3

Updated by Tom Walter almost 18 years ago

I can confirm this behavior in another 3.8.1 installation. We cannot add links to files through RTE.
I get the same javascript error as mentioned above.

Since this error came with the Update due to the necessary security update we were not able to test well and now I face an angry customer ...

I will add a sponsorship for this bug and hope it will be solved soon.

Thanks

Actions #4

Updated by Olaf Bottek almost 18 years ago

Just created a small patch for it, since I run into the same problems with a customer. I added the replacement file as well as the diff and the explaination of what to do, which I will repeat here as well. By the way it is a shame for the security team to advice the usage of a not working extension. It is very clear that they have not checked this at all on functionality. Anyhow, here is how it goes:

In:

/<your-site>/typo3/ext/rtehtmlarea/mod3/browse_links.php

Replace:

setClass(document.ltargetform.anchor_class.value);

by:

if (document.ltargetform.anchor_class) setClass(document.ltargetform.anchor_class.value);

in lines:

901, 908, 914, 920

This solves links to pages, files, external urls and email addresses.

, www.feas.net

Actions #5

Updated by Peter Niederlag almost 18 years ago

Hello Olaf,

we greatly appreciate your application for the security team or any other position. I fixed the stuff and since I didn't change one single line other than the problem I just can't believe I broke anything.

the problem rather was the hight amount of different versions of rtehtmlarea and which one of this has been most bugfree / tested with differnet versions of TYPO3. I am sorry, I spent five full days on the problem. Now you want to yell at me/the team, that we didn't test verything? Come on, chill down!

Ok, let's not misuse the bugtracker for personal disputes.

I'll see if I can provide some later on fixing for this whole thing.

meanwhile you can help by telling me which version of htmlarea you had been using with 3.8.1 without problems and where you had gotten that from.

keep in mind, the usual maintainer has sigend of for a year, and we are not very sure which version was working with which TYPO3 and we did our best by RTFM.

Cheers,
Peter

Actions #6

Updated by Tom Walter almost 18 years ago

I don't want to get involved in anything personal here but I appreciate the fix Olaf provided. It works well in my installation as well.

I am not 100% sure which rtehtmlarea I used before the security-fix. I might have been an version called 1.0.0. (last entry in the changelog was dd. 2005-11-10 by Stanislas Rolland with Version 0.7.6.

At least this is the version I found in an developing installation for this project and I can't remember that I updated rtehtmlarea.

Tonight I tried to set an link in this developing installation which worked fine. Than I updated rtehtmlarea to 1.2.1 and again hat the same problem. After changing the file Olaf provided it worked again.

So maybe it still helps some other people to update the TER ?

Tom

Actions #7

Updated by Olaf Bottek almost 18 years ago

Hi Peter,

I fixed the stuff and since I didn't change one single line other than the
problem I just can't believe I broke anything.
Come on, chill down!
Ok, let's not misuse the bugtracker for personal disputes.

Well I totally agree not to do start personal disputes, but that is not what I did. When I criticize the "security team" of providing an important upgrade advice to a not working version, than this is not personal. I don't know someone from the security team, but thought that there are at least two people looking for something when it comes to security. And when a version is suggested for usage from the security team, it should be checked not only on a few already known problematic lines.

I understand that it is not an easy job to fix problems of someone else' extension, but hey, this one was easy to reproduce and easy to fix as well. I was surprised myself that it took a month for people to realize this, which leads to certain ideas for me:
1. nobody is using 3.8.x anymore
2. nobody is following the security announces
3. the users have not yet realized the bug
4. if they realized it, they maybe went back to an earlier version, that doesn't has this bug, but of course the security problem

Peter, don't get me wrong here. I really appreciate a good security team and until now, your team has reacted quiet fast and in a good way. I'm sure that next time you guys will take it even one step further to avoid problems like this.

meanwhile you can help by telling me which version of htmlarea you had
been using with 3.8.1 without problems and where you had gotten that from.

I just tried to find out, but I realized that the source was not taken into the the backups, so I can't say which version it was - I think it was 1.01 or something like that. I know this is not really helpful - need to talk to our admin about this.

keep in mind, the usual maintainer has sigend of for a year, and we are not
very sure which version was working with which TYPO3 and we did our best
by RTFM.

;-) keep up the good work!

Greetings,
Olaf

Actions #8

Updated by Stanislas Rolland almost 14 years ago

This is very old stuff. The problem does not arise in currently supported versions of TYPO3.

Closing the issue.

Actions #9

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF