Bug #35601
closedstripping characters in flexform fields (type "text")
100%
Description
In TYPO3 v4.5.14 on an Apache Server with PHP 5.3.10 TYPO strips some characters like angle brackets and quotation marks from flexform fields type "text", so that a typoscript configuration in a plugin like that:
wrap = <div id="dokument"> | </div>
will be saved as that:
wrap = div id=dokument | /div
and of course won't work...
Seen in extensions: typocript_code, tt_news (additional typoscript field: myTS)
Worked on TYPO3 v4.5 and PHP 5.3 each with previous versions.
So, is it a bug or a security fix? Any workarround?
Thanking you in anticipation.
Updated by Georg Ringer over 12 years ago
- Status changed from New to Needs Feedback
where exactly do you enter this TS?
I am not aware of any stripping-feature which has been introduced
Updated by Thomas Dudzak over 12 years ago
I entered it in two formular fields of the type text in tt_news and typoscript_code.
The tt_news field is the myTS-field on the s_misc-sheet of the flexform_ds.xml configuration file. Code is that:
<myTS> <TCEforms> <displayCond>HIDE_FOR_NON_ADMINS</displayCond> <exclude>1</exclude> <label>LLL:EXT:tt_news/locallang_tca.xml:tt_news.pi_flexform.tsconfig</label> <config> <type>text</type> <cols>80</cols> <rows>10</rows> </config> </TCEforms> </myTS>
And in typoscript_code I used the field code_text in flexform_ds_pi1.xml
<code_text> <TCEforms> <exclude>1</exclude> <label>LLL:EXT:typoscript_code/locallang_db.php:flex.code.text</label> <config type="array"> <type>text</type> <cols>48</cols> <rows>20</rows> </config> </TCEforms> </code_text>
So in both there isn't provided any explicit validation of submitted content.
I found another "typosrcript as plugin"-extension called typoscriptce. This one does not use flexforms but tca-configuration. And that one works as it should...
There are two more Typo3 installations I'm responsible for. They are technically identical with that one, where the bug occured. But now I forund out that both does not have any problem like this. The only thing, that is different between that two and the buggy installtion is the PHP version, updated by the hoster last week i have read. The buggy one has v5.3.10, the others v5.3.4 (?). So it seems to me, that this is not a TYPO update problem, but a problem caused by PHP that breaks validation (?) of flexform fields... But also that I would like to repair, but don't know, where to for... ;)
Updated by Georg Ringer over 12 years ago
- Status changed from Needs Feedback to Closed
- % Done changed from 0 to 100
as you found out yourself, this isn't an issue of TYPO3 but because of a misconfiguration of the server. therefore I am closing this issue.
Updated by Fedir RYKHTIK about 12 years ago
If there are some news about it ?
We have exactly the same situation, PHP v.5.2.6.
Any ideas ?