Bug #35090

base64-encode of URI-transferred serialized objects

Added by Adrian Föder over 9 years ago. Updated about 8 years ago.

Status: Resolved
Priority: Should have
Assignee:
Category: -
Target version: -
Start date: 2012-03-21
Due date:
% Done: 100%
Estimated time:
Has patch: Yes

Description

At least Fluid-Widgets add a serialized object to links in order to transfer them across requests.
Maybe it's worth considering base64-encoding these serialized objects to avoid problems like Suhosin's null-byte omission.

Additional explanation: serialized objects contain NULL bytes if a property of the object is protected.
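
The failure described above, reproduced as an added example (not part of the original report and not TYPO3 code). `WidgetContext` and `stripNulBytes()` are hypothetical; the latter models a component that drops NUL bytes from request values. Assumes PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for an object carried across requests in a link.
final class WidgetContext
{
    // Protected properties are serialized under the name "\0*\0widgetId".
    protected string $widgetId = 'paginate-1';
    public array $configuration = ['itemsPerPage' => 10];
}

// Models an intermediary that drops NUL bytes (the report names Suhosin).
function stripNulBytes(string $value): string
{
    return str_replace("\0", '', $value);
}

// Returns the object, or null if the payload no longer unserializes.
function restore(string $serialized): ?WidgetContext
{
    // allowed_classes limits which classes unserialize() may instantiate.
    $object = @unserialize($serialized, ['allowed_classes' => [WidgetContext::class]]);
    return $object instanceof WidgetContext ? $object : null;
}

$serialized = serialize(new WidgetContext());
printf("NUL bytes in serialized form: %d\n", substr_count($serialized, "\0"));

// Raw transport: urlencode, decode on arrival, NUL bytes lost on the way.
// The declared string length (s:11) no longer matches, so unserialize() fails.
$viaRaw = restore(stripNulBytes(rawurldecode(rawurlencode($serialized))));
printf("raw payload survives:    %s\n", $viaRaw === null ? 'no' : 'yes');

// base64 transport: the encoded text contains no NUL bytes to strip.
// base64 is a transport encoding only; it does not authenticate the payload.
$encoded   = base64_encode($serialized);
$viaBase64 = restore((string) base64_decode(stripNulBytes($encoded), true));
printf("base64 payload survives: %s\n", $viaBase64 === null ? 'no' : 'yes');

// Size of each variant once it is placed in a query string.
printf("urlencoded raw:    %d bytes\n", strlen(rawurlencode($serialized)));
printf("urlencoded base64: %d bytes\n", strlen(rawurlencode($encoded)));
```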

#1

Updated by Adrian Föder over 9 years ago

  • Assignee set to Bastian Waidelich

#2

Updated by Bastian Waidelich about 9 years ago

  • Assignee deleted (Bastian Waidelich)

Mh, base64 encoding sounds a bit "expensive" to me, but I can't really judge this atm.
I unassign myself for now so someone else can comment on this.

#3

Updated by Adrian Föder about 8 years ago

Another reason would be that, apparently, Pound (http://linux.die.net/man/8/pound) also does not support NULL bytes in URIs: http://www.apsis.ch/pound/pound_list/archive/2012/2012-07/1341212883000/index_html?fullMode=1#1341341716000

#4

Updated by Adrian Föder about 8 years ago

  • Category set to MVC
  • Status changed from New to Accepted
  • Assignee set to Adrian Föder

#5

Updated by Adrian Föder about 8 years ago

  • Project changed from TYPO3.Flow to TYPO3.Fluid
  • Category deleted (MVC)

#6

Updated by Adrian Föder about 8 years ago

  • Subject changed from Evaluate base64_encoding of URI-transferred serialized objects to base64-encode of URI-transferred serialized objects

#7

Updated by Adrian Föder about 8 years ago

As a side note, the URI length without base64 encoding, which results in the need to urlencode it, is 546 bytes, whereas the base64-encoded variant is 516 characters long.

#8

Updated by Gerrit Code Review about 8 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22264

#9

Updated by Adrian Föder about 8 years ago

  • Tracker changed from Task to Bug
  • Has patch changed from No to Yes

Changed to Bug because the current behavior will definitely break under the mentioned circumstances (using Suhosin).

#10

Updated by Gerrit Code Review about 8 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22264

#11

Updated by Adrian Föder about 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
