Bug #96858

closed

Encoded tokens (e.g. in redirectUrl) are not sanitized in the log

Added by Imko Schumacher almost 3 years ago. Updated about 2 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Target version:

Candidate for patchlevel

Start date:

2022-02-12

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

PHP Version:

Tags:

Complexity:

easy

Is Regression:

Sprint Focus:

Description

Encoded tokens (e.g. in redirectUrl) are not sanitized in the log.

Example exception¶

(I have no clue how I produced it)
Note: In the log, the % is additionally escaped.

Reduced to important parts¶

?token=--AnonymizedToken--&returnUrl=%%3Ftoken%%3D14d0db7abc481cd5975d1d759924fb7216194d7f

Full log entry¶

Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1441706370: Button "TYPO3\CMS\Backend\Template\Components\Buttons\LinkButton" is not valid | InvalidArgumentException thrown in file /var/www/html/typo3/sysext/backend/Classes/Template/Components/ButtonBar.php in line 68. Requested URL: http://t3master.ddev.site/typo3/record/edit?token=--AnonymizedToken--&edit%%5Bpages%%5D%%5B2%%5D=new&returnUrl=%%2Ftypo3%%2Fmodule%%2Fweb%%2Flist%%3Ftoken%%3D14d0db7abc481cd5975d1d759924fb7216194d7f%%26id%%3D2%%26table%%3D%%26pointer%%3D1

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #96858

Encoded tokens (e.g. in redirectUrl) are not sanitized in the log

Example exception¶

Reduced to important parts¶

Full log entry¶

Updated by Gerrit Code Review almost 3 years ago

Updated by Gerrit Code Review almost 3 years ago

Updated by Gerrit Code Review almost 3 years ago

Updated by Imko Schumacher almost 3 years ago

Updated by Benni Mack about 2 years ago