Bug #50141
closed
htmlspecialchars on all links in markers
Added by Stano Paska over 11 years ago.
Updated about 6 years ago.
Description
All occurrences of $this->getPageLink() used to generate links for markers should have the third parameter set to true.
In file felogin/Classes/Controller/FrontendLoginController.php on lines 270, 367, 602.
And TRUE should be rewritten as true (in ACTION_URI marker).
- Status changed from New to Needs Feedback
I double-checked all usages of $this->getPageLink() and all occurrences are only used to fill markers that go into HTML.
This function is protected, so other calls from outside are not permitted.
Maybe only from children of this class, but AFAIK this is not used anywhere.
And I found that on line 375 $this->pi_getPageLink() could be rewritten into $this->getPageLink too (or htmlspecialcharred).
Can you push a patch?
BTW, boolean values should be written uppercase (TRUE, FALSE, NULL) if they are PHP code.
Almost everything that I wrote in this issue was not good.
My colleague had heavily modified our felogin template, so on our web it generated HTML validation warnings :-(
Original usage was
<p>###BACKLINK_LOGIN### </p>
and we have
<a href="###BACKLINK_LOGIN###">back</a>
and so on...
But, fortunately I have discovered at least one bug :-)
I am sending a patch.
- Status changed from Needs Feedback to Under Review
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/22721
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/22721
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/41724
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
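
The two template usages quoted in the discussion above put the same marker into different HTML contexts, so the marker value needs different handling in each. The following PHP is an added example, not TYPO3 or felogin code; fillMarkers() and the sample URL are constructed for illustration.

```php
<?php
// Added example, not TYPO3 code. fillMarkers() is a hypothetical helper and
// the URL below is constructed sample data.

/** Replace ###NAME### placeholders with the given values, verbatim. */
function fillMarkers(string $template, array $markers): string
{
    $search = array_map(fn(string $name): string => '###' . $name . '###', array_keys($markers));
    return str_replace($search, array_values($markers), $template);
}

// Constructed URL with two query parameters.
$url = 'index.php?id=12&tx_felogin_pi1[forgot]=0';

// Modified template from the issue: the marker sits inside an href attribute.
$attributeTemplate = '<a href="###BACKLINK_LOGIN###">back</a>';

// Raw URL in the attribute: the bare "&" is what HTML validators warn about.
$raw = fillMarkers($attributeTemplate, ['BACKLINK_LOGIN' => $url]);

// Encoded for the attribute context: "&" becomes "&amp;", quotes become entities.
$encoded = fillMarkers($attributeTemplate, [
    'BACKLINK_LOGIN' => htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
]);

// Original template from the issue: the marker is expected to hold a complete link.
$textTemplate = '<p>###BACKLINK_LOGIN### </p>';
$link = '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">back</a>';

// Correct: the URL was encoded once, when the link was built.
$linkOk = fillMarkers($textTemplate, ['BACKLINK_LOGIN' => $link]);

// Wrong: encoding the finished link again turns the tag into visible text.
$linkDouble = fillMarkers($textTemplate, [
    'BACKLINK_LOGIN' => htmlspecialchars($link, ENT_QUOTES, 'UTF-8'),
]);

foreach (compact('raw', 'encoded', 'linkOk', 'linkDouble') as $case => $html) {
    echo str_pad($case, 11), $html, PHP_EOL;
}
```

Whether a marker value must be passed through htmlspecialchars() depends on whether it already is finished markup or a bare URL headed for an attribute, which is why a template change alone can turn a correct marker into invalid HTML.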