Project

General

Profile

Actions

Bug #18673

closed

Shortcut ends in parse_url-error

Added by Steffen Kamper over 16 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Should have
Category:
-
Target version:
-
Start date:
2008-04-22
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When you call page properties from clickmenu and then create a shortcut it ends up in a parse_url-error. The shortcut is saved wrong and BE is unusable until deleting this shortcut from DB table.

Reason for this is a urldecode on url in following line:
$url = urldecode(t3lib_div::_POST('url'));

Having something in url like
returnUrl%3Dhttp%253A%252F%252Flocalhost%252Ft3%252Ftrunk%252Ftypo3%252Falt_doc.php%253Fedit%255Bpages%255
the urldecoded part of returnUrl produces errors.

removing the urldecode fixes the problem.

(issue imported from #M8205)


Files

8205_urldecode.diff (550 Bytes) 8205_urldecode.diff Administrator Admin, 2008-04-22 23:34
template.diff (594 Bytes) template.diff Administrator Admin, 2008-06-14 15:16
8205_parse_url.diff (1.93 KB) 8205_parse_url.diff Administrator Admin, 2008-06-14 20:08
8205_shortcut.diff (1.35 KB) 8205_shortcut.diff Administrator Admin, 2008-06-15 18:23
8205_shortcut3.diff (14.4 KB) 8205_shortcut3.diff Administrator Admin, 2008-10-31 10:38
8205_shortcut4.diff (14.2 KB) 8205_shortcut4.diff Administrator Admin, 2008-10-31 19:14
8205_shortcut4_4.2.diff (15.2 KB) 8205_shortcut4_4.2.diff Administrator Admin, 2008-10-31 19:14
8205_shortcut4_latest.diff (15.1 KB) 8205_shortcut4_latest.diff Administrator Admin, 2008-11-04 23:56
shortcut.png (24.4 KB) shortcut.png Administrator Admin, 2008-11-04 23:56
8205_shortcut5.diff (16.4 KB) 8205_shortcut5.diff Administrator Admin, 2008-11-05 01:10

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #18963: File upload ends up in parse_url-ErrorClosedSteffen Kamper2008-06-15

Actions
Has duplicate TYPO3 Core - Bug #18649: Shortcut icon is not shown as non admin userClosedHelmut Hummel2008-04-20

Actions
Actions #1

Updated by Steffen Kamper over 16 years ago

sry guys, the fix doesn't work. it removes a parse_url-error but left some other problems.

When comparing the shortcutlinks after clickmenu and the normal call only returnUrl is different.
correct: /t3/trunk/altdoc.php?...
wrong: http://localhost/t3/trunk/altdoc.php?...

Actions #2

Updated by David Triebe over 16 years ago

I just stumbled across the same issue in 4.2.1 when creating a shortcut to a backend group.

As in Steffen's note, removing the http://hostname works fine.

So a quick fix might be something like this:

$url = preg_replace("/http:\/\/[^\/]*/", "", $url);

But of course it'd be better to remove it from the start.

Actions #3

Updated by Benni Mack over 16 years ago

somebody wants to create a patch for this?

Actions #4

Updated by David Triebe over 16 years ago

I just added a small patch which removes http protocol parts from the shortcut's URI before inserting it into the db.

I'm still not sure if that's a good place or if one should search for all places where absolute URLs are used in the backend. I assume that those could all be replaced with local absolute urls (leading slash). Sounds cleaner to me right now.

I'm on the run now, maybe I can check that out later. Or someone else, as I have no idea of where to start ;-)

Actions #5

Updated by Steffen Kamper over 16 years ago

your patch doesn't solve the problem, parse_url-error still exists.

Fortunally i found the problem and fixed it with attached patch, so please test this.
The patch fixes 2 bugs

1) in ajax call for createShortcut: $_GET['url'] should not go through urldecode
2) bug in creating the links for the docHeader-buttons upload & new, where htmlspecialchars was used instead of rawurlencode

Actions #6

Updated by David Triebe over 16 years ago

I still think that it might be a good idea to replace all absolute links to the current host with local absolute links. The hostname may change for various reasons (e.g. http vs. https, www. vs no www., test vs live environment, etc).

Any opinion on that?

Actions #7

Updated by Steffen Kamper over 16 years ago

i don't have any host-entries after the patch

Actions #8

Updated by Steffen Kamper over 16 years ago

ok, now i found the host.

The problem is, that normally REQUEST_URI is used for returnUrl, which doesn't contain the host.
In JS the property document.location is used, which contains the host.

All urls in Clickmenu are using the JS-Method, but fortunally they use top.rawurlencode, so this is the place where i extract the host from urls:

var host = "' . t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') . '";
str = str_replace(host,"",str);

so this is part 1 of my new patch

part 2/3 is in Ajaxcall for create shortcut.
2) url doesn't have to be urldecoded here
3) for edit links $shortcut['recordid'] holds the pageId which has to be used for the shortcut label

Actions #9

Updated by Steffen Kamper about 16 years ago

attached is the latest patch: 8305_shortcut3.diff

Actions #10

Updated by Rob Vonk about 16 years ago

I tried running the patch on a fresh 4.2.2 and trunk version but it gives errors on both systems..

Tried running it with patch on ubuntu linux, patch on windows and tortoisesvn on windows. Nothing works.

Actions #11

Updated by Christian Kuhn about 16 years ago

Attached new

8205_shortcut4.diff (for trunk)
8205_shortcut4_4.2.diff (for 4.2-branch)

to fix failing hunks in 8205_shortcut3.diff. No logic change. Please retest.

Actions #12

Updated by Steffen Kamper about 16 years ago

i attached a new patch takeing Jeffs advices into account

Actions #13

Updated by Steffen Kamper almost 16 years ago

committed v5 to trunk, rev 4591/92

Actions #14

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF