Bug #52156
closed
jumpurl.secure juHash error with URL encoded characters
100%
Description
When an URL to file contains URL encoded characters like spaces or ampersands the juHash check will fail with this error (Exception code is 1294585196):
jumpurl Secure: Calculated juHash did not match the submitted juHash.
The reason for this failure is obvious:
The hash gets calculated with an URL encoded version of the link in:
\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::locDataJU()
Then the hash is checked against the non URL encoded version of the link in:
\TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController::jumpUrl()
My solution would be to URL decode the link before generating the hash. Any objections / other ideas?
Updated by Gerrit Code Review about 11 years ago
- Status changed from New to Under Review
Patch set 2 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Markus Klein about 11 years ago
I agree with your solution, but I would rather encode it in TypoScriptFrontendController.
Updated by Alexander Stehlik about 11 years ago
Hi Markus,
thanks for the quick feedback.
I thought about that, too. But this would be more complicated (need to parse the URL etc.) because if you run:
rawurlencode("http://www.myurl.tld/?param=value 1");
you will get this as a result:
http%3A%2F%2Fwww.myurl.tld%2F%3Fparam%3Dvalue%201
The other way around is much easier. What problems do you see with the current solution?
Updated by Alexander Stehlik about 11 years ago
Hallo again,
after a night of sleeping I think I found the solution (using the same URL encoding method that is used during the generation of the URL):
$theFileEnc = str_replace('%2F', '/', rawurlencode(rawurldecode($link_param)));
I will look further into that and provide a new patch.
Updated by Gerrit Code Review about 11 years ago
Patch set 4 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 5 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 6 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 7 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 8 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 9 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 10 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 11 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 12 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 13 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review about 11 years ago
Patch set 14 for branch master has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review almost 11 years ago
Patch set 15 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review almost 11 years ago
Patch set 16 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review almost 11 years ago
Patch set 17 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review almost 11 years ago
Patch set 18 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review almost 11 years ago
Patch set 19 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review almost 11 years ago
Patch set 20 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review over 10 years ago
Patch set 21 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review over 10 years ago
Patch set 22 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review over 10 years ago
Patch set 23 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review over 10 years ago
Patch set 24 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review over 10 years ago
Patch set 25 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review over 10 years ago
Patch set 26 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/23940
Updated by Gerrit Code Review almost 10 years ago
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review almost 10 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review almost 10 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review almost 10 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review over 9 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review over 9 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review over 9 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review over 9 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review over 9 years ago
Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review over 9 years ago
Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review over 9 years ago
Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review over 9 years ago
Patch set 12 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review over 9 years ago
Patch set 13 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review about 9 years ago
Patch set 14 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review about 9 years ago
Patch set 15 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review about 9 years ago
Patch set 16 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review about 9 years ago
Patch set 17 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review about 9 years ago
Patch set 18 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Gerrit Code Review about 9 years ago
Patch set 19 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/36211
Updated by Alexander Stehlik about 9 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 82aa1a21a4265db158053d81f1d125b894d541de.
Updated by Riccardo De Contardi about 7 years ago
- Status changed from Resolved to Closed