Project

General

Profile

Actions

Bug #35069

open

addQueryString.exclude should take precedence over config.linkVars

Added by Anonymous over 12 years ago. Updated about 2 years ago.

Status:
Under Review
Priority:
Should have
Assignee:
-
Category:
TypoScript
Target version:
-
Start date:
2012-03-21
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.7
PHP Version:
Tags:
Complexity:
hard
Is Regression:
No
Sprint Focus:

Description

Getting rid of an URL parameter when creating a typolink seems to be impossible using addQueryString.exclude when the parameter is set to the list of config.linkVars.

config.linkVars = L(int)
somelink = TEXT
someline {
    value = this link keeps the L parameter
    typolink {
        parameter.data = TSFE:id
        addQueryString = 1
        addQueryString.method = GET
        addQueryString.exclude = L
    }
}

the generated link will contain the parameter L whenever it is set in the calling URL.

the following seems to kinda work as a workaround when RealURL is active and configured to drop an empty L:

somelink.typolink.additionalParams = &L=

the problem can be tracked down to the method linkData() in class.t3lib_tstemplate.php where all the linkVars are being added to the URL:

1379                         // linkVars
1380                 if ($GLOBALS['TSFE']->config['config']['uniqueLinkVars']) {
1381                         if ($addParams) {
1382                                 $LD['linkVars'] = t3lib_div::implodeArrayForUrl('', t3lib_div::explodeUrl2Array($GLOBALS['TSFE']->linkVars . $addParams), '', FALSE, TRUE);
1383                         } else {
1384                                 $LD['linkVars'] = $GLOBALS['TSFE']->linkVars;
1385                         }
1386                 } else {
1387                         $LD['linkVars'] = $GLOBALS['TSFE']->linkVars . $addParams;
1388                 }

linkData() is being called from class.tslib_content.php AFTER gotten rid of the unwanted parameter:
5745       // Query Params:
5746       $addQueryParams = $conf['addQueryString'] ? $this->getQueryArguments($conf['addQueryString.']) : '';
5747       $addQueryParams .= isset($conf['additionalParams.'])
5748              ? trim($this->stdWrap($conf['additionalParams'], $conf['additionalParams.']))
5749              : trim($conf['additionalParams']);
5750       if ($addQueryParams == '&' || substr($addQueryParams, 0, 1) != '&') {
5751               $addQueryParams = '';
5752       }

...

5885        } else { // Internal link or current domain's linking scheme should be used
5886              if ($forceTarget) {
5887                      $target = $forceTarget;
5888              }
5889              $LD = $GLOBALS['TSFE']->tmpl->linkData(
5890                    $page,
5891                    $target,
5892                    $conf['no_cache'],
5893                    '',
5894                    '',
5895                    $addQueryParams,
5896                    $theTypeP,
5897                    $targetDomain
5898              );

i encountered this behaviour in TYPO3 4.5, the source above is from 4.7 though.

Actions #1

Updated by Jigal van Hemert over 12 years ago

  • Category set to TypoScript
  • Status changed from New to Accepted
  • Target version set to 4.5.14
Actions #2

Updated by Helmut Hummel over 12 years ago

  • Target version changed from 4.5.14 to 4.7.0-beta3
  • Complexity set to hard

Changing that in released version might cause unexpected results. I would not risk to break sites by changing the behavior, but rather change it for a new version.

Actions #3

Updated by Mathias Schreiber almost 10 years ago

  • Subject changed from addQueryString.exclude does not work for config.linkVars to addQueryString.exclude should take precedence over config.linkVars
  • Target version changed from 4.7.0-beta3 to 7.2 (Frontend)
  • Is Regression set to No
Actions #4

Updated by Benni Mack over 9 years ago

  • Target version changed from 7.2 (Frontend) to 7.4 (Backend)
Actions #5

Updated by Susanne Moog over 9 years ago

  • Target version changed from 7.4 (Backend) to 7.5
Actions #6

Updated by Benni Mack about 9 years ago

  • Target version changed from 7.5 to 7 LTS
Actions #7

Updated by Mathias Schreiber about 9 years ago

  • Target version deleted (7 LTS)
Actions #8

Updated by Alex Kellner about 6 years ago

This is still a thing in the latest TYPO3 8.7 version.

Actions #9

Updated by Oliver Hader almost 3 years ago

Please also see

TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters
https://typo3.org/security/advisory/typo3-psa-2021-003

Actions #10

Updated by Oliver Hader almost 3 years ago

Besides that, I guess the original report is still a topic in TYPO3 v11.

Actions #11

Updated by Gerrit Code Review about 2 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/76606

Actions #12

Updated by Gerrit Code Review about 2 years ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/76606

Actions

Also available in: Atom PDF