Project

General

Profile

Actions

Bug #97727

open

RteHtmlParser crashes with ill-formed HTML

Added by Christian Spoo over 1 year ago. Updated 25 days ago.

Status:
Needs Feedback
Priority:
Should have
Assignee:
-
Category:
RTE (rtehtmlarea + ckeditor)
Target version:
-
Start date:
2022-06-02
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
11
PHP Version:
8.0
Tags:
Complexity:
Is Regression:
Sprint Focus:
Stabilization Sprint

Description

Ill-formed HTML may crash the RteHtmlParser. This can e.g. occur if pre-generated source is being added to a text element and subsequently saved without switching back to the RTE view before. This bug may be related to #93302 but this has not yet been verified.

To trigger the bug you can create a text element, switch to the Source view and paste in HTML such as the following:

<ol><li>foo</li><li>bar</li><ol>

(note the incorrectly closed "ol" tag)

After saving each attempt to edit the new record again will fail with the following stack trace:

TYPO3\CMS\Core\Error\Exception: PHP Warning: Undefined array key 2 in /server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Html/RteHtmlParser.php line 473
#37 /sysext/core/Classes/Error/ErrorHandler.php(137): TYPO3\CMS\Core\Error\ErrorHandler::handleError
#36 /sysext/core/Classes/Html/RteHtmlParser.php(473): TYPO3\CMS\Core\Html\RteHtmlParser::TS_transform_rte
#35 /sysext/core/Classes/Html/RteHtmlParser.php(198): TYPO3\CMS\Core\Html\RteHtmlParser::transformTextForRichTextEditor
#34 /sysext/backend/Classes/Form/FormDataProvider/TcaText.php(65): TYPO3\CMS\Backend\Form\FormDataProvider\TcaText::addData
#33 /sysext/backend/Classes/Form/FormDataGroup/OrderedProviderList.php(66): TYPO3\CMS\Backend\Form\FormDataGroup\OrderedProviderList::compile
#32 /sysext/backend/Classes/Form/FormDataGroup/TcaDatabaseRecord.php(40): TYPO3\CMS\Backend\Form\FormDataGroup\TcaDatabaseRecord::compile
#31 /sysext/backend/Classes/Form/FormDataCompiler.php(102): TYPO3\CMS\Backend\Form\FormDataCompiler::compile
#30 /sysext/backend/Classes/Controller/EditDocumentController.php(1151): TYPO3\CMS\Backend\Controller\EditDocumentController::makeEditForm
#29 /sysext/backend/Classes/Controller/EditDocumentController.php(1023): TYPO3\CMS\Backend\Controller\EditDocumentController::main
#28 /sysext/backend/Classes/Controller/EditDocumentController.php(431): TYPO3\CMS\Backend\Controller\EditDocumentController::mainAction
#27 /sysext/backend/Classes/Http/RouteDispatcher.php(91): TYPO3\CMS\Backend\Http\RouteDispatcher::dispatch
#26 /sysext/backend/Classes/Http/RequestHandler.php(110): TYPO3\CMS\Backend\Http\RequestHandler::handle
#25 /sysext/core/Classes/Middleware/ResponsePropagation.php(34): TYPO3\CMS\Core\Middleware\ResponsePropagation::process
#24 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#23 /sysext/backend/Classes/Middleware/SiteResolver.php(69): TYPO3\CMS\Backend\Middleware\SiteResolver::process
#22 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#21 /sysext/backend/Classes/Middleware/AdditionalResponseHeaders.php(41): TYPO3\CMS\Backend\Middleware\AdditionalResponseHeaders::process
#20 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#19 /sysext/backend/Classes/Middleware/OutputCompression.php(47): TYPO3\CMS\Backend\Middleware\OutputCompression::process
#18 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#17 /sysext/backend/Classes/Middleware/BackendUserAuthenticator.php(165): TYPO3\CMS\Backend\Middleware\BackendUserAuthenticator::process
#16 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#15 /sysext/backend/Classes/Middleware/BackendRouteInitialization.php(86): TYPO3\CMS\Backend\Middleware\BackendRouteInitialization::process
#14 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#13 /sysext/backend/Classes/Middleware/ForcedHttpsBackendRedirector.php(55): TYPO3\CMS\Backend\Middleware\ForcedHttpsBackendRedirector::process
#12 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#11 /sysext/backend/Classes/Middleware/LockedBackendGuard.php(75): TYPO3\CMS\Backend\Middleware\LockedBackendGuard::process
#10 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#9 /sysext/core/Classes/Middleware/NormalizedParamsAttribute.php(45): TYPO3\CMS\Core\Middleware\NormalizedParamsAttribute::process
#8 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#7 /sysext/core/Classes/Middleware/VerifyHostHeader.php(55): TYPO3\CMS\Core\Middleware\VerifyHostHeader::process
#6 /sysext/core/Classes/Http/MiddlewareDispatcher.php(172): Psr\Http\Server\RequestHandlerInterface@anonymous/server/data/www/apache2.2/mfc-corporate/releases/109/public/typo3/sysext/core/Classes/Http/MiddlewareDispatcher.php:138$267::handle
#5 /sysext/core/Classes/Http/MiddlewareDispatcher.php(78): TYPO3\CMS\Core\Http\MiddlewareDispatcher::handle
#4 /sysext/core/Classes/Http/AbstractApplication.php(86): TYPO3\CMS\Core\Http\AbstractApplication::handle
#3 /sysext/backend/Classes/Http/Application.php(72): TYPO3\CMS\Backend\Http\Application::handle
#2 /sysext/core/Classes/Http/AbstractApplication.php(100): TYPO3\CMS\Core\Http\AbstractApplication::run
#1 /index.php(20): {closure}
#0 /index.php(21): null

Furthermore, any attempt to view the page in the Frontend will lead to similar behaviour, as TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::parseFunc makes use of the RteHtmlParser as well.


Related issues 1 (1 open0 closed)

Related to TYPO3 Core - Bug #93302: Pre-formatted text in RTE gets re-formatted when inside an ordered / unordered listNew2021-01-17

Actions
Actions #1

Updated by Georg Ringer over 1 year ago

  • Related to Bug #93302: Pre-formatted text in RTE gets re-formatted when inside an ordered / unordered list added
Actions #2

Updated by Georg Ringer over 1 year ago

a quick fix would be to change the line into

$blockSplit[$k + 1] = preg_replace('/^[ ]*' . LF . '/', '', $blockSplit[$k + 1] ?? '');

but I am unsure if the resulting HTML is good enough for a patch or if more needs to be changed

<ol>
    <li>foo</li>
    <li>bar
    <ol>
    </ol>
    </li>
</ol>

Actions #3

Updated by Benni Mack 9 months ago

  • Sprint Focus set to Stabilization Sprint
Actions #4

Updated by Krzysztof Gutkowski 8 months ago

I am unable to reproduce this on either v11, v12, or main.

CKeditor seems to fix the malformed HTML on frontend before it's saved to the database. However, when manually editing the database to contain said malformed HTML, the issue doesn't occur either.

Actions #5

Updated by Benni Mack 8 months ago

  • Status changed from New to Needs Feedback
Actions #6

Updated by Riccardo De Contardi 25 days ago

I performed a test with TYPO3 11.5.34, 12.4.10 and latest main

The test procedure is the same for all the environments:

1. Create a new page
2. create in it a content element, Type: "Regular Text Element", headline: "Test from Interface"
2.1. open it for editing, click on the "source code" of the bodytext field
2.2. paste in it the string

<ol><li>foo</li><li>bar</li><ol>

2.3. click again the RTE button "source code"; Save and close

3. create another content element, Type: "Regular Text Element", headline: "Test from Database", do not edit the bodytext field
3.1. Save and close it
4. reach on the database the tt_content record created on 3. and paste in the "bodytext" field the same content of point 2.2.
5. clear the frontend cache
6. view the FE page (on another browser) and inspect its HTML
7. on the backend, try to edit the content element created at point 2.
8. on the backend, try to edit the content element created at point 3.
8.1. save and close it
8.2. refresh the FE view and inspect its HTML again

Results

points 7. and 8. : as far as I have seen, no crashes on the BE occurs, the content elements are always editable
the only differences I have seen are about the HTML code I've seen on the preview; I summed up everything on the following table:

TYPO3 Version Source code on FE for element "Test from interface" Source code on FE for element "Test from database" (before editing the element on the backend - point 6. ) Source code on FE for element "Test from database" (after editing the element on the backend - point 8.; 8.2 )
11.5.34
<ol>     
    <li>foo</li>     
    <li>bar     
        <ol>     </ol>     
    </li> 
</ol>

It adds an empty element, but the HTML is correct
<ol>
    <li>foo</li>
    <li>bar</li>
<ol>
</ol></ol>

HTML is wrong
<ol>     
    <li>foo</li>     
    <li>bar     
        <ol>     </ol>     
    </li> 
</ol>

It becomes the content of 2.
12.4.10
<ol>
    <li>foo</li>
    <li>bar</li>
</ol>

No redundant empty elements
<ol>
    <li>foo</li>
    <li>bar</li>
    <ol></ol>
</ol>

HTML is wrong
<ol>
    <li>foo</li>
    <li>bar</li>
</ol>

It becomes the content of 2.
latest main
<ol>
    <li>foo</li>
    <li>bar</li>
</ol>

No redundant empty elements
<ol>
    <li>foo</li>
    <li>bar</li>
    <ol></ol>
</ol>

HTML is wrong
<ol>
    <li>foo</li>
    <li>bar</li>
</ol>

It becomes the content of 2.
Actions

Also available in: Atom PDF