Bug #50141

closed

htmlspecialchars on all links in markers

Added by Stano Paska over 11 years ago. Updated about 6 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: felogin
Target version: -
Start date: 2013-07-18
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 6.2
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

All occurrences of $this->getPageLink() used to generate links for markers should have the third parameter set to true.
In file felogin/Classes/Controller/FrontendLoginController.php on lines 270, 367, 602.

And TRUE should be rewritten as true (in ACTION_URI marker).


Files

aaa.diff (1.04 KB) Stano Paska, 2013-07-30 15:51

Actions #1

Updated by Philipp Gampe over 11 years ago

  • Status changed from New to Needs Feedback

Please check for any side effects.

You may also push a patch for this: http://wiki.typo3.org/CWT

Actions #2

Updated by Stano Paska over 11 years ago

I double-checked all usages of $this->getPageLink() and all occurrences are only used to fill markers that go into HTML.
This function is protected, so other calls from outside are not permitted.
Maybe only from children of this class, but AFAIK this is not used anywhere.

And I found that on line 375 $this->pi_getPageLink() could be rewritten into $this->getPageLink too (or htmlspecialchar'ed).

Actions #3

Updated by Philipp Gampe over 11 years ago

Can you push a patch?

BTW, boolean values should be written uppercase (TRUE, FALSE, NULL) if they are PHP code.

Actions #4

Updated by Stano Paska over 11 years ago

Almost everything that I wrote in this issue was not good.
My colleague had heavily modified our felogin template, so on our website it generated HTML validation warnings :-(

Original usage was
<p>###BACKLINK_LOGIN### </p>
and we have
<a href="###BACKLINK_LOGIN###">back</a>
and so on...

But fortunately I have discovered at least one bug :-)
I am sending a patch.
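
The situation from comment #4, as an added example that is not part of the original thread or of TYPO3's code: a URL substituted into a marker that sits inside an href attribute needs exactly one round of htmlspecialchars. The helpers fillMarkers(), encodeForHtml() and countBareAmpersands() and the sample URL are constructed for illustration.

```php
<?php
// Added example; fillMarkers() is a hypothetical helper, not TYPO3's marker API.

/** Replace ###NAME### markers in a template with the given values, verbatim. */
function fillMarkers(string $template, array $markers): string
{
    $pairs = [];
    foreach ($markers as $name => $value) {
        $pairs["###{$name}###"] = $value;
    }
    return strtr($template, $pairs);
}

/** Encode a value for an HTML text node or a quoted HTML attribute. */
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Count ampersands that do not start a character reference (what a validator flags). */
function countBareAmpersands(string $html): int
{
    return (int) preg_match_all('/&(?![a-zA-Z][a-zA-Z0-9]*;|#[0-9]+;|#x[0-9a-fA-F]+;)/', $html);
}

// Constructed sample URL with two query parameters.
$url = 'index.php?id=12&logintype=login';

// Customised template from the thread: the marker is the value of an href attribute.
$template = '<a href="###BACKLINK_LOGIN###">back</a>';

$variants = [
    'raw'           => $url,
    'encoded once'  => encodeForHtml($url),
    'encoded twice' => encodeForHtml(encodeForHtml($url)),
];

foreach ($variants as $label => $value) {
    $html = fillMarkers($template, ['BACKLINK_LOGIN' => $value]);
    // The browser decodes the attribute value once before following the link.
    $roundTrips = htmlspecialchars_decode($value, ENT_QUOTES) === $url;
    printf(
        "%-14s %s\n  bare ampersands: %d, decodes back to original URL: %s\n",
        $label,
        $html,
        countBareAmpersands($html),
        $roundTrips ? 'yes' : 'no'
    );
}
```

The raw variant is valid as a URL but leaves a bare ampersand in the markup; the twice-encoded variant validates but no longer decodes to the original URL, which is why the encoding has to happen in exactly one place.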

Actions #5

Updated by Philipp Gampe over 11 years ago

Looks good. Can you push this patch to gerrit? http://wiki.typo3.org/CWT

Actions #6

Updated by Gerrit Code Review over 11 years ago

  • Status changed from Needs Feedback to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22721

Actions #7

Updated by Gerrit Code Review over 11 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/22721

Actions #8

Updated by Gerrit Code Review almost 10 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/22721

Actions #9

Updated by Gerrit Code Review over 9 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/22721

Actions #10

Updated by Gerrit Code Review over 9 years ago

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41724

Actions #11

Updated by Stano Paska over 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Actions #12

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed