Bug #91194

closed

Faulty follow-up tag detection in parseFunc & Co. (regression)

Added by Joschi Kuphal over 4 years ago. Updated over 4 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: Content Rendering
Target version:
Start date: 2020-04-25
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 10
PHP Version: 7.3
Tags:
Complexity: easy
Is Regression: Yes
Sprint Focus:

Description

As of version 10.4.0, the ContentObjectRenderer fails to correctly parse <abbr> elements that are nested within an <a> element. The reason is sort of an edge case, but presumably this might happen with other element combinations as well. Basically, the problem is that the start elements for links and abbreviations both start with "<a" and the parsing routines don't consider the remainder when scanning for matching follow-up elements.

There are two spots in ContentObjectRenderer that need to get fixed. The patch illustrates the problem (and a possible solution), but obviously something better than Regex might be used.


Files

ContentObjectRenderer.patch (1.22 KB) Joschi Kuphal, 2020-04-25 12:08

Related issues 1 (0 open, 1 closed)

Related to TYPO3 Core - Bug #39261: parseFunc does not handle nested tags correct (Closed, 2012-07-25)

Actions #1

Updated by Michael Sollmann over 4 years ago

Additionally you have to check for the existence of $conf['tags.'] in line 3933 before using it in the foreach loop.

Something like:

    if (strpos($data, '<') !== false && $conf['tags.']) {
        foreach ($conf['tags.'] as $tag => $tagConfig) {

instead of:

    if (strpos($data, '<') !== false) {
        foreach ($conf['tags.'] as $tag => $tagConfig) {

Without this check it leads to an error in one of my 10.4.0 installations.

Actions #2

Updated by Josef Glatz over 4 years ago

  • Related to Bug #91172: html comments in fluid template lead to exception added
Actions #3

Updated by Oliver Hader over 4 years ago

  • Private changed from No to Yes
Actions #4

Updated by Oliver Hader over 4 years ago

Investigating...

Actions #5

Updated by Oliver Hader over 4 years ago

  • Related to deleted (Bug #91172: html comments in fluid template lead to exception)
Actions #7

Updated by Oliver Hader over 4 years ago

Thanks for your report. This issue might have security implications - that's the reason why it is set to private for the time being.

As far as I understood, the failing HTML in CKEditor might look like this (abbr nested in anchor tag), correct?

<a href="https://example.org/" target="..."><abbr>Content</abbr></a>

Actions #8

Updated by Joschi Kuphal over 4 years ago

Exactly! There might be other combinations as well, e.g. <s><span>bla</span></s> (super rare, I know, but possible), but I didn't test these.
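
The prefix collision described in the report, applied to the two tag combinations named in comments #7 and #8, as an added example that is neither TYPO3 core code nor the attached patch. The function names are hypothetical; the boundary-aware variant uses a regular expression purely for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not TYPO3 core API.

/** Prefix-only scan: "<a" also matches "<abbr", and "<s" also matches "<span". */
function findTagStartNaive(string $html, string $tag, int $offset = 0): ?int
{
    $pos = stripos($html, '<' . $tag, $offset);
    return $pos === false ? null : $pos;
}

/** Boundary-aware scan: the tag name must be followed by whitespace, "/" or ">". */
function findTagStartStrict(string $html, string $tag, int $offset = 0): ?int
{
    $pattern = '#<' . preg_quote($tag, '#') . '(?=[\s/>])#i';
    if (preg_match($pattern, $html, $m, PREG_OFFSET_CAPTURE, $offset) === 1) {
        return $m[0][1];
    }
    return null;
}

/** Counts how many start tags of $tag the given finder reports in $html. */
function countStartTags(callable $finder, string $html, string $tag): int
{
    $count = 0;
    $offset = 0;
    while (($pos = $finder($html, $tag, $offset)) !== null) {
        $count++;
        $offset = $pos + 1; // continue scanning behind the last hit
    }
    return $count;
}

// Constructed samples based on the combinations named in this thread.
$samples = [
    'a' => '<a href="https://example.org/"><abbr>Content</abbr></a>',
    's' => '<s><span>bla</span></s>',
];
foreach ($samples as $tag => $html) {
    printf(
        "<%s>: naive=%d strict=%d\n",
        $tag,
        countStartTags('findTagStartNaive', $html, $tag),
        countStartTags('findTagStartStrict', $html, $tag)
    );
}
```

A scanner that counts the nested element as a second start tag of the outer element expects one more closing tag than the markup contains, which is how the follow-up tag detection goes wrong.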

Actions #9

Updated by Oliver Hader over 4 years ago

  • Related to Bug #39261: parseFunc does not handle nested tags correct added
Actions #10

Updated by Oliver Hader over 4 years ago

https://review.typo3.org/c/Packages/TYPO3.CMS/+/58946 introduced first with TYPO3 v10.4.0

Actions #11

Updated by Oliver Hader over 4 years ago

  • Private changed from Yes to No
Actions #12

Updated by Oliver Hader over 4 years ago

Does not seem to be related to security topics... in case anyone identifies a potential vulnerability here, please report to

Moved from private to public again - the patch you provided seems to be okay...

Actions #13

Updated by Gerrit Code Review over 4 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64409

Actions #14

Updated by Oliver Hader over 4 years ago

I've pushed the provided patch (keeping author details) to Gerrit and would provide additional test cases for it...

Actions #15

Updated by Gerrit Code Review over 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64409

Actions #16

Updated by Joschi Kuphal over 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #17

Updated by Benni Mack over 4 years ago

  • Status changed from Resolved to Closed