Clearing caches in backend only displays empty frame
Clearing caches in backend only displays empty frame - applies for the typo3conf and the frontend cache.
(issue imported from #M15263)
$this->redirect = t3lib_div::sanitizeBackEndUrl(t3lib_div::_GP('redirect'));
seems to cause this behavior.
When I remove the sanitizeBackEndUrl() part (and reload the whole backend), it works.
EDIT: And adding exactly this has been the security fix...
after applying the patch 0015260 there is no error message but as described an empty frame
In my opinion it's not resolved.
I additionally had to change line 3552 in class.t3lib_div.php:
Old: $whitelistPattern = '/^[a-zA-Z0-9_\/\.&=\?]+$/';
New: $whitelistPattern = '/^[a-zA-Z0-9_\/\.&=\?:-]+$/';
Reason: I have a "-" (minus) in the domain name and base href set, so the redirection url is like http://www.domain-with-minus.tld. Therefore I need two additional chars in the whitelist, ":" and "-".
exactly.. so we have to add all possible chars, which can be in a host name? bad idea..
confirmed. patch from issue #0015260 doesn't solve this problem for me.
Root of the problem is the following:
t3lib_div::sanitizeLocalUrl() in 4.1 is now a wrapper for sanitizeBackEndUrl(), but treated by the security fix to behave like sanitizeLocalUrl() in 4.2+, although the behavior is obviously not the same.
Steffen is right... issue #23286 just solves the error message but the intention of the concerned method is different.
Find attached a version that reverts the changes of issue #23286 again, and reimplements sanitizeLocalUrl() for TYPO3 4.1 (which stays still compatible to PHP4).
patch works for me,
patch works fine here
TYPO3 4.1.14, PHP 5.2.12 and 5.3.2
Please give your votes in the core list / news group!
Anybody here running a PHP4? Think this has really to be tested, too ;-)
Sorry, but I can't find an RFC for 15263 in core list, so I posted here
gregor already told me.. sorry ;-)
Let's wait for olly, till he sends the RFC
patch works with PHP4
but you have to change stripos to strpos in t3lib/class.t3lib_div.php (~ line 840)
Works for me if you change stripos to strpos in function isOnCurrentHost($url)
The patch of issue #23286 was reverted again in TYPO3_4-1. The attached patch (v2) will be committed to TYPO3_4-1 as soon as possible.
The v2 patch thus can also be applied to the released package of TYPO3 4.1.14
Committed to SVN TYPO3_4-1 (rev. 8453)
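The objection raised in the thread to widening the character whitelist, shown as an added example (not TYPO3 core code and not the attached patch): a whitelist that permits ":" and "-" accepts any absolute URL, while a comparison against the site's own URL accepts only local targets. The demo_* functions, the site URL and the sample URLs are constructed for illustration.

```php
<?php
// Added illustration, not TYPO3 core code. All demo_* names are hypothetical.

// Whitelist patterns quoted in the thread (old, and the widened variant).
$oldPattern = '/^[a-zA-Z0-9_\/\.&=\?]+$/';
$newPattern = '/^[a-zA-Z0-9_\/\.&=\?:-]+$/';

// TRUE if $url is the site URL itself or lies below it.
// strtolower() + strpos() replaces stripos(), which PHP 4 does not have.
function demo_isOnCurrentHost($url, $siteUrl) {
    $site = rtrim(strtolower($siteUrl), '/') . '/';
    return strpos(strtolower($url) . '/', $site) === 0;
}

// Returns $url if it is a local redirect target, otherwise an empty string.
function demo_sanitizeLocalUrl($url, $siteUrl) {
    $url = trim($url);
    // Backslashes and control characters are never needed in a redirect target.
    if ($url === '' || strpos($url, '\\') !== FALSE || preg_match('/[\x00-\x1f]/', $url)) {
        return '';
    }
    // Anything with a scheme or a leading "//" is absolute: compare the host.
    if (preg_match('#^([a-z][a-z0-9+.-]*:|//)#i', $url)) {
        return demo_isOnCurrentHost($url, $siteUrl) ? $url : '';
    }
    return $url; // relative path or script name
}

// Constructed sample data; the host form follows the example given in the thread.
$siteUrl = 'http://www.domain-with-minus.tld/';
$samples = array(
    'alt_doc.php?edit=1',
    'http://www.domain-with-minus.tld/typo3/index.php',
    'http://www.domain-with-minus.tld.other.example/',
    'http://other-host.example/',
);

foreach ($samples as $url) {
    printf("%-50s old=%d new=%d hostcheck=%s\n", $url,
        preg_match($oldPattern, $url), preg_match($newPattern, $url),
        demo_sanitizeLocalUrl($url, $siteUrl) === '' ? 'rejected' : 'accepted');
}
```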