Bug #93105
closed
PersistedPatternMapper / PersistedAliasMapper: URL generation with arguments with leading numbers can lead to exceptions or wrong URLs
100%
Description
What I will describe can happen with both PersistedPatternMapper and PersistedAliasMapper.
How can it happen?
We can take the examples of the API docs as a base. Let us set the parameter news_title to /30-pigs-are-in-the-house . If I try to generate an url with this, the generation process will call the method findByIdentifier. See here.
The value will be 30-pigs-are-in-the-house. A row with uid=30 exists in table tx_news_domain_model_news. So this method will find this row and take the path_segment of this row as the new value of news_title. This can't be expected behavior.
The same can happen in PersistedPatternMapper. See here.
How can it be fixed?
In both findByIdentifier methods we should check if the value is numeric to migigate the effects of arguments starting with numbers.
Updated by
Updated by Gerrit Code Review 9 months ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80381
Updated by Gerrit Code Review 9 months ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80381
Updated by Gerrit Code Review 9 months ago
Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80381
Updated by Gerrit Code Review 9 months ago
Patch set 1 for branch 12.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/80416
Updated by Christian Spoo 9 months ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset fe9dde666e585945dd7c0cf1bfdeb334c52f0c5e.