Bug #54027

htmlspecialchars issue with select fields / filemounts

Added by Alexander Stehlik over 8 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
File Abstraction Layer (FAL)
Target version:
Start date:
2013-11-28
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.4
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

I'm not sure if this is a general issue or just an issue with filemounts.

When you have a folder with a special character (e.g. &) the value that is stored in the Database is HTML-encoded. The check if a given subfolder / file within the mount is accessible will fail.

When you look at the HTML source of the select field in the Backend, you see that the value is double HTML-encoded. I do not know if this double encoding in the value is intended behavior (which would be strange).

After clarification either the select fields need to be fixed or the filemount folder needs to be HTML-decoded.

#1

Updated by Markus Klein over 8 years ago

  • Category set to File Abstraction Layer (FAL)

IMHO the DB content should not be encoded at all.

#2

Updated by Gerrit Code Review over 8 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25770

#3

Updated by Steffen Ritter over 8 years ago

We need to have a look form the security side as well...

#4

Updated by Gerrit Code Review over 8 years ago

Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/26367

#5

Updated by Gerrit Code Review over 8 years ago

Patch set 1 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/26368

#6

Updated by Alexander Stehlik over 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#7

Updated by Riccardo De Contardi over 4 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF