search

b13 / trusted-url-params

TYPO3 Extension to ensure that only safe queryParams from TYPO3s Routing are added to generated links
GNU General Public License v2.0
8 stars 1 forks source link

trusted_url_params breaks language menu #6

Open seirerman opened 2 years ago

seirerman commented 2 years ago

After installing trusted_url_params I noticed that the language menu on one of my sites was off. The link to the default language version of a site allways had the prefix of the second language in the URL. This resulted in not being able to return to the default language via the menu once you are on a translated page.

So I deinstalled trusted_url_params, and the language menu was working again.

To better illustrate this:

If you were on www.domain.com/it/ the link back to the german version was /it/, as well as the link to the italian version. The link to the english version was fine, though. If you were on www.domain.com/en/ the link back to the german version was /en/.

This is the TypoScript of my language menu:

page = PAGE page { 10.dataProcessing { 200 = TYPO3\CMS\Frontend\DataProcessing\LanguageMenuProcessor 200 { languages = auto as = languageNavigation }

Do not link to news records without translation:

201 = GeorgRinger\News\DataProcessing\DisableLanguageMenuProcessor 201.menus = languageNavigation } }

bmack commented 2 years ago

Hey,

thanks for your report.

Is it possible that you still have config.linkVars = L included?

seirerman commented 2 years ago

No, config.linkVars isn't set.

We are on TYPO3 9.5, btw...

bmack commented 2 years ago

Hey @seirerman ,

I think this is a bug in TYPO3 Core... maybe this might be related? https://review.typo3.org/c/Packages/TYPO3.CMS/+/72801

seirerman commented 2 years ago

I applied the patch to TYPO3 9.5, but it didn't change anything.

I also rechecked the recommendations for when to use trusted_url_params, and I think the affected site will be fine without the extension, for now. Might be different for others, though.

ohader commented 2 years ago

@seirerman What is your setting (if any) for $GLOBALS['TYPO3_CONF_VARS']['FE']['additionalCanonicalizedUrlParameters']?

seirerman commented 2 years ago

It's empty. $GLOBALS['TYPO3_CONF_VARS']['FE']['additionalCanonicalizedUrlParameters'] isn't set.

wazum commented 2 years ago

The problem is imho that the 'L' parameter is set in AbstractMenuContentObject in prepareMenuItemsForLanguageMenu

            if ($this->conf['addQueryString']) {
                $getVars = $this->parent_cObj->getQueryArguments(
                    $this->conf['addQueryString.'],
                    ['L' => $sUid],
                    true
                );
                $this->analyzeCacheHashRequirements($getVars);
            } else {
                $getVars = '&L=' . $sUid;
            }

so it seems related to the linked core patch.

DavidHedden commented 2 years ago

The Argument $overruleQueryArguments holds the language parameter in those cases. So a possible fix is to check for it and include it again. It might be the case that its only needed for the ContentObjectRender9.