0byt3m1n1
Path:
/
data
/
applications
/
aps
/
typo3
/
4.5.5-0
/
standard
/
htdocs
/
typo3conf
/
ext
/
realurl
/
doc
/
[
Home
]
File: TODO.txt
Todo: Exploit: - It is possible to spam the pathcache table from outside: If you call a page id with &no_cache=1 and incrementing &L, pages will be generated with the &L variable in the links and the pathcache table is filled with bogus entries. - Same with the error-log, easily spammed by calling wrong URLs. Problem? Not any different from a webserver log anyway... - The same with decodeCache, eg "http://typo3.org/community/mailing-lists/1301.0.html", "http://typo3.org/community/mailing-lists/1301.1.html", etc. - encodeCache as well? Possible solution: To check L against sys_language table. Or for encode cache, only use it when &no_cache is not used. (or totally disable &no_cache parameter!) Backend module: - Add CSH / Skinning / XHTML and getLL() Features: - Required-GETvars on postVarSets... (instead of taking the postVarSet if just a SINGLE Getvar matches...?) - NA value / null setting - When an alias is expired, redirect it Manual: - Guide to management and configuration