Bug #96858
Closed
Encoded tokens (e.g. in redirectUrl) are not sanitized in the log
100%
Description
Encoded tokens (e.g. in redirectUrl) are not sanitized in the log.
Example exception
(I have no clue how I produced it)
Note: In the log, the % is additionally escaped.
Reduced to important parts
?token=--AnonymizedToken--&returnUrl=%%3Ftoken%%3D14d0db7abc481cd5975d1d759924fb7216194d7f
Full log entry
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1441706370: Button "TYPO3\CMS\Backend\Template\Components\Buttons\LinkButton" is not valid | InvalidArgumentException thrown in file /var/www/html/typo3/sysext/backend/Classes/Template/Components/ButtonBar.php in line 68. Requested URL: http://t3master.ddev.site/typo3/record/edit?token=--AnonymizedToken--&edit%%5Bpages%%5D%%5B2%%5D=new&returnUrl=%%2Ftypo3%%2Fmodule%%2Fweb%%2Flist%%3Ftoken%%3D14d0db7abc481cd5975d1d759924fb7216194d7f%%26id%%3D2%%26table%%3D%%26pointer%%3D1
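The failure mode in the report, as an added example that is not part of the original report and is not TYPO3's code: a sanitizer that only recognises a literal `token=` next to one that also recognises the percent-encoded separator, plus a check that decodes the logged string and looks for a surviving token. The function names, the 40-hex-character token shape (taken from the sample above) and the input values are assumptions.

```php
<?php
declare(strict_types=1);

// Added example with hypothetical helper names; not TYPO3 code.
const PLACEHOLDER = '--AnonymizedToken--'; // placeholder string as seen in the log entry
const TOKEN = '[0-9a-f]{40}';              // assumption: 40 hex characters, as in the sample

// Naive form: only a literal "token=" is recognised.
function anonymizePlainOnly(string $url): string
{
    return preg_replace('/(?<=token=)' . TOKEN . '/i', PLACEHOLDER, $url) ?? PLACEHOLDER;
}

// Hardened form: "=" may also appear as %3D, as %%3D once the log writer has
// doubled the "%", or as %253D when a returnUrl is nested a second time.
function anonymizeEncodedToo(string $url): string
{
    $separator = '(?:=|%+(?:25)*3D)';
    // On a PCRE error, log the placeholder alone rather than the raw URL.
    return preg_replace('/(token' . $separator . ')' . TOKEN . '/i', '${1}' . PLACEHOLDER, $url)
        ?? PLACEHOLDER;
}

// Regression check: undo the log escaping and every layer of percent-encoding,
// then look for any token that is still readable.
function leaksToken(string $logged): bool
{
    $current = str_replace('%%', '%', $logged);
    do {
        $previous = $current;
        $current = rawurldecode($previous);
    } while ($current !== $previous);
    return preg_match('/token=' . TOKEN . '/i', $current) === 1;
}

// Constructed input shaped like the reduced URL in the report, with constructed token values.
$url = '?token=' . str_repeat('a', 40) . '&returnUrl=%%3Ftoken%%3D' . str_repeat('b', 40);

foreach (['anonymizePlainOnly', 'anonymizeEncodedToo'] as $sanitizer) {
    $logged = $sanitizer($url);
    printf("%-20s leaks=%s\n  %s\n", $sanitizer, leaksToken($logged) ? 'yes' : 'no', $logged);
}
```

The `leaksToken` check can be run over existing log files to find entries written before a fix was deployed, since any token found there should be treated as exposed to whoever can read the log.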
Updated by Gerrit Code Review almost 3 years ago
- Status changed from New to Under Review
Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/73456
Updated by Gerrit Code Review almost 3 years ago
Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/73456
Updated by Gerrit Code Review almost 3 years ago
Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/73399
Updated by Imko Schumacher almost 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 3704e20085e0d4a1765107341423bc3b45499480.