Bug #92540

TYPO3\CMS\Extbase\Annotation\Validate URL can break the server in certain cases

Added by Christian Hackl 11 days ago. Updated 9 days ago.

Status:
Needs Feedback
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2020-10-12
Due date:
% Done:

0%

TYPO3 Version:
10
PHP Version:
7.4
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

if i use URL-validation in my Model like this:

namespace Vendor/ExtKey/Domain/Model/MyModel;

...

/**
 * Facebook
 * @var string
 * @TYPO3\CMS\Extbase\Extbase\Validate("Url")
 */
protected $facebook;

...

and if an URL such as "https://www.domain.tld _blank" is stored in the database (e.g. a TYPO3-Link notation), the server will crash - no TYPO3 error message!

With nginx Error:
HTTP 502 Bad Gateway

With Apache Error:
Fatal error: Allowed memory size of 268435456 bytes exhausted (tried to allocate 262144 bytes) in C:\MAMP\htdocs\typo3_sources\typo3_src-10.4.7\typo3\sysext\extbase\Classes\Error\Result.php on line 244

expectation:
- Error handling of TYPO3 including log message.
- and best of all a validator or a parameter for the existing validator with which "TYPO3 links" can be considered.

History

#1 Updated by Georg Ringer 10 days ago

  • Status changed from New to Needs Feedback

Thanks for creating the issue. How can this be reproduced? Can you provide a sample code?

Additionally, could you check if the memory issue comes from \TYPO3\CMS\Core\Utility\GeneralUtility::isValidUrl? thanks

#2 Updated by Christian Hackl 9 days ago

I am quite sure that this comes from ::isValidUrl(), yes.

Well, the fastest way to reproduce this (i think) is to add the validator in the model with EXT:tt_address and the "www" field and manually add a corresponding wrong entry in the DB... then, try to call this entry in the FE. :)

Also available in: Atom PDF