Project

General

Profile

Actions
Copy link

Bug #28352

closed

tslib_cObj->typolink generate a cHash even if not needed

Added by Popy no-lastname-given about 13 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Caching
Target version:
4.6.0-RC1
Start date:
2011-07-20
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.6
PHP Version:
Tags:
Complexity:
medium
Is Regression:
Sprint Focus:

Description

The typolink function generate a cHash if there's some "additionalParams".

In most case that's not a problem, but if every additional parameter is filtered out in t3lib_div::cHashParams (with hooks, for instance), a cHash is still generated (as typolink will always hash the return t3lib_div::cHashParams' value)

As cHash validity is still not checked if no cHash was given (which is another bug), fixing only typolink function could be enougth to solve this little bug.
If needed, I can provide patche(s).

BTW, the generated cHash will be (one of the) valid for every url without get parameters (as queryString is "exploded" instead of "trimExploded", that kind of urls can have 2 different cHashes, depending on the presence of a "core parameter").

A malicius user could exploit this issue to get those 2 différents cHashes and "triple cache" every page on a typo3 instance, resulting in a (light) cache flooding.

Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #32025: cHash generation does not respect linkVarsClosedHelmut Hummel2011-11-23

Actions
Actions
Copy link

Also available in: Atom PDF