stripping characters in flexform fields (type "text")
In TYPO3 v4.5.14 on an Apache Server with PHP 5.3.10 TYPO strips some characters like angle brackets and quotation marks from flexform fields type "text", so that a typoscript configuration in a plugin like that:
wrap = <div id="dokument"> | </div>
will be saved as that:
wrap = div id=dokument | /div
and of course won't work...
Seen in extensions: typocript_code, tt_news (additional typoscript field: myTS)
Worked on TYPO3 v4.5 and PHP 5.3 each with previous versions.
So, is it a bug or a security fix? Any workarround?
Thanking you in anticipation.
Updated by Thomas Dudzak about 10 years ago
I entered it in two formular fields of the type text in tt_news and typoscript_code.
The tt_news field is the myTS-field on the s_misc-sheet of the flexform_ds.xml configuration file. Code is that:
<myTS> <TCEforms> <displayCond>HIDE_FOR_NON_ADMINS</displayCond> <exclude>1</exclude> <label>LLL:EXT:tt_news/locallang_tca.xml:tt_news.pi_flexform.tsconfig</label> <config> <type>text</type> <cols>80</cols> <rows>10</rows> </config> </TCEforms> </myTS>
And in typoscript_code I used the field code_text in flexform_ds_pi1.xml
<code_text> <TCEforms> <exclude>1</exclude> <label>LLL:EXT:typoscript_code/locallang_db.php:flex.code.text</label> <config type="array"> <type>text</type> <cols>48</cols> <rows>20</rows> </config> </TCEforms> </code_text>
So in both there isn't provided any explicit validation of submitted content.
I found another "typosrcript as plugin"-extension called typoscriptce. This one does not use flexforms but tca-configuration. And that one works as it should...
There are two more Typo3 installations I'm responsible for. They are technically identical with that one, where the bug occured. But now I forund out that both does not have any problem like this. The only thing, that is different between that two and the buggy installtion is the PHP version, updated by the hoster last week i have read. The buggy one has v5.3.10, the others v5.3.4 (?). So it seems to me, that this is not a TYPO update problem, but a problem caused by PHP that breaks validation (?) of flexform fields... But also that I would like to repair, but don't know, where to for... ;)