Bug #23862
closed
TYPO3 4.1.15: Incomplete whitelistPattern in function sanitizeLocalUrl (class.t3lib_div.php)
0%
Description
When localizing a record in list view (by clicking on the lang flag), the redirect url parameters have this pattern:
id=pageId&table=&justLocalized=tx_table:parentRecordId:langId
Function sanitizeLocalUrl match this query string on the pattern '/^[a-z0-9_\/\.&=\?\+~-]+$/i'
This match failed because of the : which is not present.
Solution:
replace line 3607: $whitelistPattern = '/^[a-z0-9_\/\.&=\?\+~-]+$/i';
by : $whitelistPattern = '/^[:a-z0-9_\/\.&=\?\+~-]+$/i';
(issue imported from #M16157)
Updated by Steffen Gebert over 13 years ago
Can you reproduce this also in newer versions of TYPO3? Version 4.1.x isn't supported anymore.
Updated by Chris topher over 13 years ago
This problem was introduced by #23321, which was only committed to the TYPO3 branch 4.1.
The function sanitizeLocalUrl() works differently in newer versions, so that I don't think that they are affected by this bug as well.
As you can read on http://typo3.org/download/packages/ the 4.1 branch is no longer supported.
You should update to a newer version to solve this problem.
Updated by Fronzes Philippe over 13 years ago
I know that 4.1.x is not supported anymore.
But I just would like to share this issue and it's solution, because i know that there is a lot of TYPO3 sites which run on old versions, and often, it's more easy to apply such a little patch than update an old site.
Hope it can help many of us so.
Updated by Chris topher over 13 years ago
Thanks for taking care to make TYPO3 a better system!
I would like to inform you that people can still read your proposed solution here, when the issue is closed.
For reasons of our regular workflow we will have to keep the issue closed - thanks for your understanding.