Bug #18673
closed
Shortcut ends in parse_url-error
0%
Description
When you call page properties from clickmenu and then create a shortcut it ends up in a parse_url-error. The shortcut is saved wrong and BE is unusable until deleting this shortcut from DB table.
Reason for this is a urldecode on url in following line:
$url = urldecode(t3lib_div::_POST('url'));
Having something in url like
returnUrl%3Dhttp%253A%252F%252Flocalhost%252Ft3%252Ftrunk%252Ftypo3%252Falt_doc.php%253Fedit%255Bpages%255
the urldecoded part of returnUrl produces errors.
removing the urldecode fixes the problem.
(issue imported from #M8205)
Files
Updated by Steffen Kamper about 16 years ago
sry guys, the fix doesn't work. it removes a parse_url-error but left some other problems.
When comparing the shortcutlinks after clickmenu and the normal call only returnUrl is different.
correct: /t3/trunk/altdoc.php?...
wrong: http://localhost/t3/trunk/altdoc.php?...
Updated by David Triebe almost 16 years ago
I just stumbled across the same issue in 4.2.1 when creating a shortcut to a backend group.
As in Steffen's note, removing the http://hostname works fine.
So a quick fix might be something like this:
$url = preg_replace("/http:\/\/[^\/]*/", "", $url);
But of course it'd be better to remove it from the start.
Updated by Benni Mack almost 16 years ago
somebody wants to create a patch for this?
Updated by David Triebe almost 16 years ago
I just added a small patch which removes http protocol parts from the shortcut's URI before inserting it into the db.
I'm still not sure if that's a good place or if one should search for all places where absolute URLs are used in the backend. I assume that those could all be replaced with local absolute urls (leading slash). Sounds cleaner to me right now.
I'm on the run now, maybe I can check that out later. Or someone else, as I have no idea of where to start ;-)
Updated by Steffen Kamper almost 16 years ago
your patch doesn't solve the problem, parse_url-error still exists.
Fortunally i found the problem and fixed it with attached patch, so please test this.
The patch fixes 2 bugs
1) in ajax call for createShortcut: $_GET['url'] should not go through urldecode
2) bug in creating the links for the docHeader-buttons upload & new, where htmlspecialchars was used instead of rawurlencode
Updated by David Triebe almost 16 years ago
Updated by Steffen Kamper almost 16 years ago
i don't have any host-entries after the patch
Updated by Steffen Kamper almost 16 years ago
ok, now i found the host.
The problem is, that normally REQUEST_URI is used for returnUrl, which doesn't contain the host.
In JS the property document.location is used, which contains the host.
All urls in Clickmenu are using the JS-Method, but fortunally they use top.rawurlencode, so this is the place where i extract the host from urls:
var host = "' . t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') . '";
str = str_replace(host,"",str);
so this is part 1 of my new patch
part 2/3 is in Ajaxcall for create shortcut.
2) url doesn't have to be urldecoded here
3) for edit links $shortcut['recordid'] holds the pageId which has to be used for the shortcut label
Updated by Steffen Kamper over 15 years ago
attached is the latest patch: 8305_shortcut3.diff
Updated by Rob Vonk over 15 years ago
I tried running the patch on a fresh 4.2.2 and trunk version but it gives errors on both systems..
Tried running it with patch on ubuntu linux, patch on windows and tortoisesvn on windows. Nothing works.
Updated by Christian Kuhn over 15 years ago
Attached new
8205_shortcut4.diff (for trunk)
8205_shortcut4_4.2.diff (for 4.2-branch)
to fix failing hunks in 8205_shortcut3.diff. No logic change. Please retest.
Updated by Steffen Kamper over 15 years ago
i attached a new patch takeing Jeffs advices into account