Bug #17949
closed
Hardcoded Ampersand in fe_user->get_URL_ID
0%
Description
When you set config.ftu = 1 in your root-TS, you get a session tracking variable rendered into all urls generated by typo3 for users, that don't accept cookies. This is all fine, except for the fact, that there is a hardcoded unescaped ampersand in the core in t3lib/class.t3lib_userauth.php on line 241, which makes xhtml validation fail on all pages with typo3-generated links on them:
...
if ($mode=='get' && $this->getFallBack && $this->get_name) {
$this->get_URL_ID = '&'.$this->get_name.'='.$id;
}
...
Try out validation of http://shop.dello.biz/ with http://validator.w3.org.
In the root template has been set amongst other options:
config.ftu = 1
config.doctype = xhtml_trans
config.xhtml_cleaning = all
Maybe this is resolved when config.xhtml_cleaning is fully implemented, but I thought to let you guys know anyway
(issue imported from #M7043)
Updated by Oliver Hader almost 17 years ago
This real problem begin, when you don't have any other parameters set in the URL, like:
www.myhost.com/section/whatever.html&ftu=...
www.myhost.com/section/Whatever.123.0.html&ftu=...
In this case, the "ftu" parameter is totally ignored (becaus it should be ?&ftu=... or ?ftu=...). The substitution of the ftu parameter in URLs is in my opinion at the wrong place. It should be in cObj->typoLink and in $GLOBALS['TSFE']->tmpl->linkData (for links generated for menus).
Updated by Alexander Opitz over 11 years ago
- Status changed from Accepted to Needs Feedback
- Target version deleted (
0)
The issue is very old, does this issue exists in newer versions of TYPO3 CMS (4.5 or 6.1)?
Updated by Alexander Opitz about 11 years ago
- Status changed from Needs Feedback to Closed
- Is Regression set to No
No feedback for over 90 days.