Task #88755

Remove POST option from typolink.addQueryString

Added by Oliver Hader 3 months ago. Updated 3 months ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Link Handling, Site Handling & Routing
Target version:
-
Start date:
2019-07-15
Due date:
% Done:

100%

TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Setting addQueryString.method of typolink could be used like shown below in order to transform HTTP POST parameters into according GET parameters.

    typolink {
        parameter = 123
        addQueryString = 1
        addQueryString.method = POST
    }

In terms of correctly using HTTP verbs it's bad practise in general to treat GET and POST equally, besides that documentation already mentioned potential side-effects like accidentally exposing sensitive data submitted via POST to proxies or log files.

That's why values POST, GET,POST and POST,GET are not allowed anymore for typolink.addQueryString.method. Maintaining functionality - if required at all - has to be done using domain specific logic in according controllers or middleware implementations.

The POST feature has been introduced before TYPO3 v4.0 already, GET,POST and POST,GET were introduced for TYPO3 v4.1 with #16859 in 6537dd5c4806419f74e92a4b4855b2a2c108a621


Related issues

Related to TYPO3 Core - Feature #16859: typolink.addQueryString: Enable usage of merged POST and GET data by new TypoScript configuration Closed 2007-01-16

Associated revisions

Revision 8cfc18a5 (diff)
Added by Oliver Hader 3 months ago

[!!!][TASK] Remove POST option from typolink.addQueryString.method

Setting `addQueryString.method` of typolink could be used like shown
below in order to transform HTTP POST parameters into according GET
parameters.

typolink {
parameter = 123
addQueryString = 1
addQueryString.method = POST
}

In terms of correctly using HTTP verbs it's bad practise in general
to treat GET and POST equally, besides that documentation already
mentioned potential side-effects like accidentally exposing sensitive
data submitted via POST to proxies or log files.

That's why values POST, GET,POST and POST,GET are not allowed anymore
for `typolink.addQueryString.method`. Maintaining functionality - if
required at all - has to be done using domain specific logic in
according controllers or middleware implementations.

Resolves: #88755
Releases: master
Change-Id: I6ecfdd2ee98251b64093c1a13f9371beea862ddd
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295
Tested-by: Benjamin Franzke <>
Tested-by: TYPO3com <>
Tested-by: Andreas Fernandez <>
Reviewed-by: Benjamin Franzke <>
Reviewed-by: Andreas Fernandez <>

History

#1 Updated by Oliver Hader 3 months ago

  • Related to Feature #16859: typolink.addQueryString: Enable usage of merged POST and GET data by new TypoScript configuration added

#3 Updated by Oliver Hader 3 months ago

  • Description updated (diff)

#4 Updated by Oliver Hader 3 months ago

  • Description updated (diff)

#5 Updated by Gerrit Code Review 3 months ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#6 Updated by Gerrit Code Review 3 months ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#7 Updated by Gerrit Code Review 3 months ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#8 Updated by Gerrit Code Review 3 months ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#9 Updated by Gerrit Code Review 3 months ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#10 Updated by Gerrit Code Review 3 months ago

Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#11 Updated by Gerrit Code Review 3 months ago

Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#12 Updated by Gerrit Code Review 3 months ago

Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#13 Updated by Gerrit Code Review 3 months ago

Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#14 Updated by Gerrit Code Review 3 months ago

Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#15 Updated by Gerrit Code Review 3 months ago

Patch set 11 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/61295

#16 Updated by Oliver Hader 3 months ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#17 Updated by Benni Mack 3 months ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF