Project

General

Profile

Actions

Bug #23862

closed

TYPO3 4.1.15: Incomplete whitelistPattern in function sanitizeLocalUrl (class.t3lib_div.php)

Added by Fronzes Philippe about 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2010-10-28
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.1
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When localizing a record in list view (by clicking on the lang flag), the redirect url parameters have this pattern:
id=pageId&table=&justLocalized=tx_table:parentRecordId:langId

Function sanitizeLocalUrl match this query string on the pattern '/^[a-z0-9_\/\.&=\?\+~-]+$/i'
This match failed because of the : which is not present.

Solution:
replace line 3607: $whitelistPattern = '/^[a-z0-9_\/\.&=\?\+~-]+$/i';
by : $whitelistPattern = '/^[:a-z0-9_\/\.&=\?\+~-]+$/i';

(issue imported from #M16157)


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #23321: t3lib_div::sanitizeLocalUrl() leads to fatal error on PHP4 systemsClosedOliver Hader2010-07-30

Actions
Actions

Also available in: Atom PDF