├── .gitignore ├── .styleci.yml ├── .travis.yml ├── CHANGELOG.rst ├── Classes └── Frontend │ └── ContentObject │ ├── ContentObjectRenderer87.php │ └── ContentObjectRenderer95.php ├── LICENSE.txt ├── README.rst ├── Resources └── Private │ ├── Language │ └── locallang_be.xlf │ └── Patches │ ├── ContentObjectRenderer_TYPO3_6.2.patch │ ├── ContentObjectRenderer_TYPO3_7.6.patch │ ├── ContentObjectRenderer_TYPO3_8.7.patch │ ├── ContentObjectRenderer_TYPO3_9.0.patch │ └── ContentObjectRenderer_TYPO3_9.5.patch ├── composer.json ├── ext_conf_template.txt ├── ext_emconf.php ├── ext_icon.png └── ext_localconf.php /.gitignore: -------------------------------------------------------------------------------- 1 | /.Build 2 | /composer.lock -------------------------------------------------------------------------------- /.styleci.yml: -------------------------------------------------------------------------------- 1 | preset: psr2 2 | 3 | enabled: 4 | - short_array_syntax 5 | - no_whitespace_in_blank_line -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: php 2 | 3 | branches: 4 | only: 5 | - master 6 | - /^([0-9]+\.){1,2}(x|[0-9]+)$/ 7 | 8 | notifications: 9 | email: 10 | - k.szymukowicz@gmail.com 11 | 12 | sudo: false 13 | cache: 14 | directories: 15 | - $HOME/.composer/cache 16 | 17 | jobs: 18 | include: 19 | - stage: TER 20 | if: tag IS present 21 | php: 7.0 22 | install: skip 23 | before_script: skip 24 | script: 25 | - | 26 | if [ -n "$TYPO3_ORG_USERNAME" ] && [ -n "$TYPO3_ORG_PASSWORD" ]; then 27 | echo -e "Preparing upload of release ${TRAVIS_TAG} to TER\n"; 28 | # Install ter client 29 | composer global require helhum/ter-client 30 | 31 | # Upload 32 | TAG_MESSAGE=`git tag -n10 -l $TRAVIS_TAG | sed 's/^[0-9.]*[ ]*//g'` 33 | echo "Uploading release ${TRAVIS_TAG} to TER" 34 | $HOME/.composer/vendor/bin/ter-client upload urlguard . 
-u "$TYPO3_ORG_USERNAME" -p "$TYPO3_ORG_PASSWORD" -m "$TAG_MESSAGE" 35 | fi; -------------------------------------------------------------------------------- /CHANGELOG.rst: -------------------------------------------------------------------------------- 1 | Changelog 2 | --------- 3 | 4 | master 5 | ~~~~~ 6 | 1) Fix composer version validation. 7 | 8 | 1.0.5 9 | ~~~~~ 10 | 1) Change stability to "stable". 11 | 12 | 1.0.4 13 | ~~~~~ 14 | 1) TER autoupload test 15 | 16 | 1.0.3 17 | ~~~~~ 18 | 1) TER autoupload test 19 | 20 | 1.0.2 21 | ~~~~~ 22 | 1) TER autoupload test 23 | 24 | 1.0.1 25 | ~~~~~ 26 | 1) Fix TYPO3 9.5 version in composer.json 27 | 28 | 1.0.0 29 | ~~~~~ 30 | 1) Add support for TYPO3 9.5 31 | 2) Update ext_emconf.php ext version. 32 | 33 | 0.2.1 34 | ~~~~~ 35 | 1) Add missing aliasing for ArrayUtility. 36 | 2) Update ext_emconf.php ext version. 37 | 38 | 0.2.0 39 | ~~~~~ 40 | 1) Fix wrong array transformation. 41 | 2) Use ::class operator to get class name. 42 | 3) Change TYPO3 compatibility to 7.6.0-9.0.99 43 | 4) Update ext_emconf.php ext version. 44 | 45 | 0.1.3 46 | ~~~~~ 47 | 1) Improve docs. 48 | 49 | 0.1.2 50 | ~~~~~ 51 | 1) Update ext_emconf.php ext version. 52 | 2) Improve docs. 53 | 54 | 0.1.1 55 | ~~~~~ 56 | 1) StylesCI fixes. 57 | 2) Fix docs. 58 | 59 | 0.1.0 60 | ~~~~~ 61 | 1) Init version. -------------------------------------------------------------------------------- /Classes/Frontend/ContentObject/ContentObjectRenderer87.php: -------------------------------------------------------------------------------- 1 | getEnvironmentVariable('QUERY_STRING'), true); 50 | } 51 | $allowedUrlNamespaces = []; 52 | // By default option includePluginsNamespaces is active if not set. 
53 | if (!isset($conf['includePluginsNamespaces']) 54 | || !empty($conf['includePluginsNamespaces'])) { 55 | foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['extbase']['extensions'] as $extensionName => $settings) { 56 | if (!empty($settings['plugins'])) { 57 | $extensionName = str_replace(' ', '', ucwords(str_replace('_', ' ', $extensionName))); 58 | foreach ($settings['plugins'] as $pluginName => $pluginSettings) { 59 | $allowedUrlNamespaces[] = 'tx_' . strtolower($extensionName . '_' . $pluginName); 60 | } 61 | } 62 | } 63 | } 64 | if (!empty(trim($conf['include']))) { 65 | $allowedUrlNamespaces = array_merge( 66 | $allowedUrlNamespaces, 67 | GeneralUtility::trimExplode(',', $conf['include']) 68 | ); 69 | } 70 | if (!empty($allowedUrlNamespaces)) { 71 | $conf['exclude'] = implode(',', 72 | array_unique(array_merge( 73 | GeneralUtility::trimExplode(',', $conf['exclude']), 74 | array_filter( 75 | array_keys($currentQueryArray), 76 | function ($getVarNamespace) use ($allowedUrlNamespaces) { 77 | return !in_array($getVarNamespace, $allowedUrlNamespaces); 78 | } 79 | )))); 80 | } 81 | if ($conf['exclude']) { 82 | $exclude = str_replace(',', '&', $conf['exclude']); 83 | $exclude = GeneralUtility::explodeUrl2Array($exclude, true); 84 | // never repeat id 85 | $exclude['id'] = 0; 86 | $newQueryArray = ArrayUtility::arrayDiffAssocRecursive($currentQueryArray, $exclude); 87 | } else { 88 | $newQueryArray = $currentQueryArray; 89 | } 90 | if ($forceOverruleArguments) { 91 | ArrayUtility::mergeRecursiveWithOverrule($newQueryArray, $overruleQueryArguments); 92 | } else { 93 | ArrayUtility::mergeRecursiveWithOverrule($newQueryArray, $overruleQueryArguments, false); 94 | } 95 | return GeneralUtility::implodeArrayForUrl('', $newQueryArray, '', false, true); 96 | } 97 | } 98 | -------------------------------------------------------------------------------- /Classes/Frontend/ContentObject/ContentObjectRenderer95.php: 
-------------------------------------------------------------------------------- 1 | getEnvironmentVariable('QUERY_STRING'), $currentQueryArray); 53 | } 54 | $allowedUrlNamespaces = []; 55 | // By default option includePluginsNamespaces is active if not set. 56 | if (!isset($conf['includePluginsNamespaces']) 57 | || !empty($conf['includePluginsNamespaces'])) { 58 | foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['extbase']['extensions'] as $extensionName => $settings) { 59 | if (!empty($settings['plugins'])) { 60 | $extensionName = str_replace(' ', '', ucwords(str_replace('_', ' ', $extensionName))); 61 | foreach ($settings['plugins'] as $pluginName => $pluginSettings) { 62 | $allowedUrlNamespaces[] = 'tx_' . strtolower($extensionName . '_' . $pluginName); 63 | } 64 | } 65 | } 66 | } 67 | if (!empty(trim($conf['include']))) { 68 | $allowedUrlNamespaces = array_merge( 69 | $allowedUrlNamespaces, 70 | GeneralUtility::trimExplode(',', $conf['include']) 71 | ); 72 | } 73 | if (!empty($allowedUrlNamespaces)) { 74 | $conf['exclude'] = implode(',', 75 | array_unique(array_merge( 76 | GeneralUtility::trimExplode(',', $conf['exclude']), 77 | array_filter( 78 | array_keys($currentQueryArray), 79 | function ($getVarNamespace) use ($allowedUrlNamespaces) { 80 | return !in_array($getVarNamespace, $allowedUrlNamespaces); 81 | } 82 | )))); 83 | } 84 | if ($conf['exclude'] ?? 
false) { 85 | $excludeString = str_replace(',', '&', $conf['exclude']); 86 | $excludedQueryParts = []; 87 | parse_str($excludeString, $excludedQueryParts); 88 | // never repeat id 89 | $exclude['id'] = 0; 90 | $newQueryArray = ArrayUtility::arrayDiffAssocRecursive($currentQueryArray, $excludedQueryParts); 91 | } else { 92 | $newQueryArray = $currentQueryArray; 93 | } 94 | ArrayUtility::mergeRecursiveWithOverrule($newQueryArray, $overruleQueryArguments, $forceOverruleArguments); 95 | return HttpUtility::buildQueryString($newQueryArray, '&'); 96 | } 97 | } 98 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. (Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. 
Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 
55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. 
You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. 
But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. 
(This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. 
These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 
214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. 
If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 
305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 331 | 332 | , 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. 
-------------------------------------------------------------------------------- /README.rst: -------------------------------------------------------------------------------- 1 | TYPO3 Extension ``urlguard`` 2 | ############################ 3 | 4 | .. image:: https://poser.pugx.org/sourcebroker/urlguard/v/stable 5 | :target: https://packagist.org/packages/sourcebroker/urlguard 6 | 7 | .. image:: https://poser.pugx.org/sourcebroker/urlguard/license 8 | :target: https://packagist.org/packages/sourcebroker/urlguard 9 | 10 | 11 | 12 | This extension will no longer be maintained 13 | ******************************************* 14 | 15 | Look for an alternative here: https://github.com/b13/trusted-url-params (Thanks to Benni Mack from b13 GmbH) 16 | 17 | 18 | 19 | What does it do? 20 | **************** 21 | 22 | This extension adds two new options for the ``typolink.addQueryString`` setting. These new options let you define 23 | which query parameters will be passed to newly created typolinks. 24 | 25 | The first option is ``typolink.addQueryString.include`` (string, comma separated - empty by default). Query parameters 26 | that are not on this list will not be passed to a newly created typolink. 27 | 28 | The second option is ``typolink.addQueryString.includePluginsNamespaces`` (boolean - set by default to true). If enabled, 29 | query parameters that do not fit into the first level of an Extbase plugin namespace will not be passed to a newly 30 | created typolink. 31 | 32 | In the background, both options work the same way: every query parameter that is not covered by ``typolink.addQueryString.include`` or 33 | ``typolink.addQueryString.includePluginsNamespaces`` is added to the ``addQueryString.exclude`` list. 34 | 35 | If you are unsure whether you need those options, read `Background`_ and `Flooding problems of addQueryString`_. 
36 | 37 | Because ``addQueryString.includePluginsNamespaces`` is enabled by default, you do not need to change your TypoScript 38 | code after installing this extension. You will be safe from flooding by default! 39 | 40 | 41 | Installation 42 | ************ 43 | 44 | 1) Use composer or download by Extension Manager. 45 | :: 46 | 47 | composer require sourcebroker/urlguard 48 | 49 | 2) Go to Extension Manager, find ``Urlguard``, choose Options and set ``enableXclassForContentObjectRenderer``. 50 | 51 | 3) Clear the TYPO3 frontend cache. In a browser open the link ``https://www.example.com/?asd=1`` and look at the links built 52 | by the language menu. You should not see links like ``?asd=1&cHash=1234567890``. If you still see 53 | ``?asd=1&cHash=1234567890`` it means ext:urlguard is not working. In that case see the note below. 54 | 55 | 56 | Note! It may happen that one of your installed extensions is already overwriting class 57 | ``\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer``. In that case you may expect that either ``urlguard`` will not 58 | work or the second extension that overwrites class ContentObjectRenderer will not work. That depends on which extension 59 | is loaded last - the last one overwrites. If you are experiencing this situation then you can apply the patch needed by 60 | ext:urlguard directly to core class ContentObjectRenderer. Look for patches in ``Resources/Private/Patches`` and apply 61 | them manually or automatically with composer package ``cweagans/composer-patches``. 62 | 63 | Note! For TYPO3 6.2 you can apply the patch from Resources/Private/Patches/ContentObjectRenderer_TYPO3_6.2.patch 64 | 65 | Background 66 | ********** 67 | 68 | Usually when you build a language menu (or page browsing) you want to use ``typolink.addQueryString`` to pass all 69 | parameters that are set on the query so the parameters are the same for other languages or for next pages in the page browser. 70 | 71 | Let's take an example. 
The link that was requested by the user is a link to the single view of a news item: 72 | ``https://www.example.com/?id=10&tx_news_pi[news]=15&cHash=1234567890`` 73 | 74 | When TYPO3 starts to generate the language menu it will build the following links, adding the L parameter: 75 | 76 | * ``https://www.example.com/?id=10&tx_news_pi[news]=15&L=1&cHash=1234567890`` 77 | * ``https://www.example.com/?id=10&tx_news_pi[news]=15&L=2&cHash=1234567890`` 78 | * ``https://www.example.com/?id=10&tx_news_pi[news]=15&L=3&cHash=1234567890`` 79 | 80 | This is perfectly fine and what you wanted! 81 | 82 | Unfortunately the reality is that bots are permanently hitting your website with very strange url parameters that are not 83 | coming from your application. What does that look like? Let's take another example - a bot hits your website with: 84 | ``https://www.example.com/?__asd=1139234`` 85 | 86 | The language menu will build the following links: 87 | 88 | * ``https://www.example.com/?__asd=1139234&L=1&cHash=1234567890`` 89 | * ``https://www.example.com/?__asd=1139234&L=2&cHash=1234567890`` 90 | * ``https://www.example.com/?__asd=1139234&L=3&cHash=1234567890`` 91 | 92 | This is what you would like to avoid. What are the downsides of such a situation? Please read the next chapter. 93 | 94 | Flooding problems of addQueryString 95 | *********************************** 96 | 97 | Flooding of table cf_cache_pages 98 | ================================ 99 | 100 | When typolink is used with the addQueryString option activated there is no easy way to exclude all possible query parameters 101 | with ``typolink.addQueryString.exclude`` because we cannot predict all the params used by bots. This means that typolink 102 | will generate links containing a valid cHash but with the bot's params that are not supported by our application. If a bot later 103 | traverses those links then each such link will build a new cache entry in the ``cf_cache_pages`` table. This means 104 | pressure on processor, database and database space. 
105 | 106 | Flooding of table tx_realurl_urldata (no longer valid for TYPO3 9.5) 107 | ===================================================================== 108 | 109 | Each link created by typolink has its entry in the realurl table ``tx_realurl_urldata``. Because there is no way to effectively 110 | exclude all possible query parameters with ``typolink.addQueryString.exclude``, this table will be flooded, which 111 | puts pressure on processor, database and database space. 112 | 113 | How can you prevent 'addQueryString flooding' problems? 114 | ******************************************************* 115 | 116 | Install ext:urlguard. By default it has ``typolink.addQueryString.includePluginsNamespaces`` active, which will exclude 117 | all parameters that do not fit into the first level of an Extbase plugin namespace. 118 | 119 | 120 | How can you prevent 'addQueryString flooding' problems without ext:urlguard? 121 | **************************************************************************** 122 | 123 | TYPO3 offers ``typolink.addQueryString.exclude`` where you can try to exclude all parameters that should not be passed 124 | when creating a new typolink. The problem is: **you cannot predict all the parameters used by bots**. 125 | 126 | The only 100% solution is not to blacklist parameters (exclude) but to whitelist parameters (include). 127 | This is what ext:urlguard is doing. 128 | 129 | 130 | Known problems 131 | ************** 132 | 133 | None. 134 | 135 | 136 | Changelog 137 | ********* 138 | 139 | See https://github.com/sourcebroker/urlguard/blob/master/CHANGELOG.rst 140 | -------------------------------------------------------------------------------- /Resources/Private/Language/locallang_be.xlf: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |
5 | 6 | 7 | enableXclassForContentObjectRenderer: Enable xclass for ContentObjectRenderer to allow support for 'include' and 'includePluginsNamespaces' options. 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /Resources/Private/Patches/ContentObjectRenderer_TYPO3_6.2.patch: -------------------------------------------------------------------------------- 1 | --- typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php 2017-04-18 18:22:57.000000000 +0200 2 | +++ typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer1.php 2017-12-25 22:05:53.000000000 +0100 3 | 
@@ -6537,7 +6537,37 @@
4 | default:
5 | $currentQueryArray = GeneralUtility::explodeUrl2Array($this->getEnvironmentVariable('QUERY_STRING'), TRUE);
6 | }
7 | - if ($conf['exclude']) {
8 | + $allowedUrlNamespaces = [];
9 | + // By default option includePluginsNamespaces is active if not set.
10 | + if (!isset($conf['includePluginsNamespaces'])
11 | + || !empty($conf['includePluginsNamespaces'])) {
12 | + foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['extbase']['extensions'] as $extensionName => $settings) {
13 | + if (!empty($settings['plugins'])) {
14 | + $extensionName = str_replace(' ', '', ucwords(str_replace('_', ' ', $extensionName)));
15 | + foreach ($settings['plugins'] as $pluginName => $pluginSettings) {
16 | + $allowedUrlNamespaces[] = 'tx_' . strtolower($extensionName . '_' . $pluginName);
17 | + }
18 | + }
19 | + }
20 | + }
21 | + if (!empty(trim($conf['include']))) {
22 | + $allowedUrlNamespaces = array_merge(
23 | + $allowedUrlNamespaces,
24 | + GeneralUtility::trimExplode(',', $conf['include'])
25 | + );
26 | + }
27 | + if (!empty($allowedUrlNamespaces)) {
28 | + $conf['exclude'] = implode(',',
29 | + array_unique(array_merge(
30 | + GeneralUtility::trimExplode(',', $conf['exclude']),
31 | + array_filter(
32 | + array_keys($currentQueryArray),
33 | + function ($getVarNamespace) use ($allowedUrlNamespaces) {
34 | + return !in_array($getVarNamespace, $allowedUrlNamespaces);
35 | + }
36 | + ))));
37 | + }
38 | + if ($conf['exclude']) {
39 | $exclude = str_replace(',', '&', $conf['exclude']);
40 | $exclude = GeneralUtility::explodeUrl2Array($exclude, TRUE);
41 | // never repeat id
42 | -------------------------------------------------------------------------------- /Resources/Private/Patches/ContentObjectRenderer_TYPO3_7.6.patch: --------------------------------------------------------------------------------
1 | --- typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php 2017-12-25 21:52:10.000000000 +0100
2 | +++ 
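Review bot: The allow-list test in the added closure, `return !in_array($getVarNamespace, $allowedUrlNamespaces);`, compares loosely, while `array_keys($currentQueryArray)` can return integer keys because PHP stores numeric parameter names as ints. On PHP before 8 an integer key can compare equal to a non-numeric namespace string, so such a parameter may be treated as allowed and never be added to `$conf['exclude']`. I would cast and compare strictly: `return !in_array((string)$getVarNamespace, $allowedUrlNamespaces, true);`. The same closure appears unchanged in the 7.6, 8.7, 9.0 and 9.5 patches; the enclosing method starts and ends outside the hunk.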
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer1.php 2017-12-25 21:51:41.000000000 +0100 3 | 
@@ -6128,6 +6128,36 @@
4 | default:
5 | $currentQueryArray = GeneralUtility::explodeUrl2Array($this->getEnvironmentVariable('QUERY_STRING'), true);
6 | }
7 | + $allowedUrlNamespaces = [];
8 | + // By default option includePluginsNamespaces is active if not set.
9 | + if (!isset($conf['includePluginsNamespaces'])
10 | + || !empty($conf['includePluginsNamespaces'])) {
11 | + foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['extbase']['extensions'] as $extensionName => $settings) {
12 | + if (!empty($settings['plugins'])) {
13 | + $extensionName = str_replace(' ', '', ucwords(str_replace('_', ' ', $extensionName)));
14 | + foreach ($settings['plugins'] as $pluginName => $pluginSettings) {
15 | + $allowedUrlNamespaces[] = 'tx_' . strtolower($extensionName . '_' . $pluginName);
16 | + }
17 | + }
18 | + }
19 | + }
20 | + if (!empty(trim($conf['include']))) {
21 | + $allowedUrlNamespaces = array_merge(
22 | + $allowedUrlNamespaces,
23 | + GeneralUtility::trimExplode(',', $conf['include'])
24 | + );
25 | + }
26 | + if(!empty($allowedUrlNamespaces)) {
27 | + $conf['exclude'] = implode(',',
28 | + array_unique(array_merge(
29 | + GeneralUtility::trimExplode(',', $conf['exclude']),
30 | + array_filter(
31 | + array_keys($currentQueryArray),
32 | + function ($getVarNamespace) use ($allowedUrlNamespaces) {
33 | + return !in_array($getVarNamespace, $allowedUrlNamespaces);
34 | + }
35 | + ))));
36 | + }
37 | if ($conf['exclude']) {
38 | $exclude = str_replace(',', '&', $conf['exclude']);
39 | $exclude = GeneralUtility::explodeUrl2Array($exclude, true);
40 | -------------------------------------------------------------------------------- /Resources/Private/Patches/ContentObjectRenderer_TYPO3_8.7.patch: --------------------------------------------------------------------------------
1 | --- typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php 2017-12-25 21:52:10.000000000 +0100
2 | +++ typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer1.php 2017-12-25 
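Review bot: When the allow-list ends up empty, the guard `if(!empty($allowedUrlNamespaces))` skips the filter altogether, so every query parameter is passed through. That is reasonable for the explicit opt-out (`includePluginsNamespaces = 0` and no `include`), but it also happens with the default setting when no Extbase plugin is registered, where an empty allow-list would more naturally mean that nothing is allowed. I would keep the result of the first condition in a variable and test `if ($includePluginsNamespaces || !empty($allowedUrlNamespaces)) {` instead. The `foreach` above it also reads `$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['extbase']['extensions']` without checking that it is set. The same logic is in the other four patches, and the enclosing method lies outside the hunk.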
21:51:41.000000000 +0100 3 | 
@@ -6128,6 +6128,36 @@
4 | default:
5 | $currentQueryArray = GeneralUtility::explodeUrl2Array($this->getEnvironmentVariable('QUERY_STRING'), true);
6 | }
7 | + $allowedUrlNamespaces = [];
8 | + // By default option includePluginsNamespaces is active if not set.
9 | + if (!isset($conf['includePluginsNamespaces'])
10 | + || !empty($conf['includePluginsNamespaces'])) {
11 | + foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['extbase']['extensions'] as $extensionName => $settings) {
12 | + if (!empty($settings['plugins'])) {
13 | + $extensionName = str_replace(' ', '', ucwords(str_replace('_', ' ', $extensionName)));
14 | + foreach ($settings['plugins'] as $pluginName => $pluginSettings) {
15 | + $allowedUrlNamespaces[] = 'tx_' . strtolower($extensionName . '_' . $pluginName);
16 | + }
17 | + }
18 | + }
19 | + }
20 | + if (!empty(trim($conf['include']))) {
21 | + $allowedUrlNamespaces = array_merge(
22 | + $allowedUrlNamespaces,
23 | + GeneralUtility::trimExplode(',', $conf['include'])
24 | + );
25 | + }
26 | + if(!empty($allowedUrlNamespaces)) {
27 | + $conf['exclude'] = implode(',',
28 | + array_unique(array_merge(
29 | + GeneralUtility::trimExplode(',', $conf['exclude']),
30 | + array_filter(
31 | + array_keys($currentQueryArray),
32 | + function ($getVarNamespace) use ($allowedUrlNamespaces) {
33 | + return !in_array($getVarNamespace, $allowedUrlNamespaces);
34 | + }
35 | + ))));
36 | + }
37 | if ($conf['exclude']) {
38 | $exclude = str_replace(',', '&', $conf['exclude']);
39 | $exclude = GeneralUtility::explodeUrl2Array($exclude, true);
40 | -------------------------------------------------------------------------------- /Resources/Private/Patches/ContentObjectRenderer_TYPO3_9.0.patch: --------------------------------------------------------------------------------
1 | --- frontend/Classes/ContentObject/ContentObjectRenderer.php 2017-12-12 17:48:22.000000000 +0100
2 | +++ frontend/Classes/ContentObject/ContentObjectRenderer1.php 2017-12-25 22:08:34.000000000 +0100 
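Review bot: The added block carries no comment saying that only the top-level parameter name is checked, which is the limit a maintainer most needs to know about this filter. `array_keys($currentQueryArray)` yields first-level keys (as far as the visible `default:` branch shows), so anything nested below an allowed namespace is kept whatever its sub-keys are, and the number of distinct generated URLs is not bounded by this patch alone. I would state that above the `array_filter` call, e.g. `// Only first-level GET names are compared; sub-keys below an allowed namespace are not filtered.` The same applies to the other four patches.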
 3 | @@ -5645,6 +5645,36 @@
4 | default:
5 | $currentQueryArray = GeneralUtility::explodeUrl2Array($this->getEnvironmentVariable('QUERY_STRING'), true);
6 | }
7 | + $allowedUrlNamespaces = [];
8 | + // By default option includePluginsNamespaces is active if not set.
9 | + if (!isset($conf['includePluginsNamespaces'])
10 | + || !empty($conf['includePluginsNamespaces'])) {
11 | + foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['extbase']['extensions'] as $extensionName => $settings) {
12 | + if (!empty($settings['plugins'])) {
13 | + $extensionName = str_replace(' ', '', ucwords(str_replace('_', ' ', $extensionName)));
14 | + foreach ($settings['plugins'] as $pluginName => $pluginSettings) {
15 | + $allowedUrlNamespaces[] = 'tx_' . strtolower($extensionName . '_' . $pluginName);
16 | + }
17 | + }
18 | + }
19 | + }
20 | + if (!empty(trim($conf['include']))) {
21 | + $allowedUrlNamespaces = array_merge(
22 | + $allowedUrlNamespaces,
23 | + GeneralUtility::trimExplode(',', $conf['include'])
24 | + );
25 | + }
26 | + if(!empty($allowedUrlNamespaces)) {
27 | + $conf['exclude'] = implode(',',
28 | + array_unique(array_merge(
29 | + GeneralUtility::trimExplode(',', $conf['exclude']),
30 | + array_filter(
31 | + array_keys($currentQueryArray),
32 | + function ($getVarNamespace) use ($allowedUrlNamespaces) {
33 | + return !in_array($getVarNamespace, $allowedUrlNamespaces);
34 | + }
35 | + ))));
36 | + }
37 | if ($conf['exclude']) {
38 | $exclude = str_replace(',', '&', $conf['exclude']);
39 | $exclude = GeneralUtility::explodeUrl2Array($exclude, true);
40 | -------------------------------------------------------------------------------- /Resources/Private/Patches/ContentObjectRenderer_TYPO3_9.5.patch: --------------------------------------------------------------------------------
1 | --- Classes/ContentObject/ContentObjectRenderer.php 2019-03-04 21:25:08.000000000 +0100
2 | +++ Classes/ContentObject/ContentObjectRenderer.php 2019-04-13 17:35:07.000000000 +0200
3 | 
@@ -5877,6 +5877,36 @@
4 | $currentQueryArray = [];
5 | parse_str($this->getEnvironmentVariable('QUERY_STRING'), $currentQueryArray);
6 | }
7 | + $allowedUrlNamespaces = [];
8 | + // By default option includePluginsNamespaces is active if not set.
9 | + if (!isset($conf['includePluginsNamespaces'])
10 | + || !empty($conf['includePluginsNamespaces'])) {
11 | + foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['extbase']['extensions'] as $extensionName => $settings) {
12 | + if (!empty($settings['plugins'])) {
13 | + $extensionName = str_replace(' ', '', ucwords(str_replace('_', ' ', $extensionName)));
14 | + foreach ($settings['plugins'] as $pluginName => $pluginSettings) {
15 | + $allowedUrlNamespaces[] = 'tx_' . strtolower($extensionName . '_' . $pluginName);
16 | + }
17 | + }
18 | + }
19 | + }
20 | + if (!empty(trim($conf['include']))) {
21 | + $allowedUrlNamespaces = array_merge(
22 | + $allowedUrlNamespaces,
23 | + GeneralUtility::trimExplode(',', $conf['include'])
24 | + );
25 | + }
26 | + if (!empty($allowedUrlNamespaces)) {
27 | + $conf['exclude'] = implode(',',
28 | + array_unique(array_merge(
29 | + GeneralUtility::trimExplode(',', $conf['exclude']),
30 | + array_filter(
31 | + array_keys($currentQueryArray),
32 | + function ($getVarNamespace) use ($allowedUrlNamespaces) {
33 | + return !in_array($getVarNamespace, $allowedUrlNamespaces);
34 | + }
35 | + ))));
36 | + }
37 | if ($conf['exclude'] ?? 
false) { 38 | $excludeString = str_replace(',', '&', $conf['exclude']); 39 | $excludedQueryParts = []; 40 | -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "sourcebroker/urlguard", 3 | "license": [ 4 | "GPL-2.0-or-later" 5 | ], 6 | "type": "typo3-cms-extension", 7 | "description": "Adds support for typolink addQueryString to allow to include only specific url vars.", 8 | "require": { 9 | "typo3/cms-core": "~7.6 || ~8.7 || ~9.5 || ~10.4" 10 | }, 11 | "autoload": { 12 | "psr-4": { 13 | "SourceBroker\\Urlguard\\": "Classes/" 14 | } 15 | }, 16 | "authors": [ 17 | { 18 | "name": "Krystian Szymukowicz", 19 | "email": "k.szymukowicz@gmail.com" 20 | } 21 | ], 22 | "replace": { 23 | "sourcebroker/urlguard": "self.version", 24 | "typo3-ter/urlguard": "self.version" 25 | }, 26 | "config": { 27 | "vendor-dir": ".Build/vendor", 28 | "bin-dir": ".Build/bin" 29 | }, 30 | "extra": { 31 | "typo3/cms": { 32 | "cms-package-dir": "{$vendor-dir}/typo3/cms", 33 | "web-dir": ".Build/Web" 34 | } 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /ext_conf_template.txt: -------------------------------------------------------------------------------- 1 | # cat=general/enable/10; type=boolean; label=LLL:EXT:urlguard/Resources/Private/Language/locallang_be.xlf:extmng.enableXclassForContentObjectRenderer 2 | enableXclassForContentObjectRenderer = 0 3 | -------------------------------------------------------------------------------- /ext_emconf.php: -------------------------------------------------------------------------------- 1 | 'URL Guard', 5 | 'description' => 'Adds support for typolink addQueryString to allow to include only specific url vars.', 6 | 'category' => 'services', 7 | 'version' => '1.0.5', 8 | 'state' => 'stable', 9 | 'uploadFolder' => false, 10 | 'clearCacheOnLoad' => true, 11 | 
'author' => 'SourceBroker Team', 12 | 'author_email' => 'office@sourcebroker.dev', 13 | 'author_company' => 'SourceBroker', 14 | 'constraints' => 15 | [ 16 | 'depends' => 17 | [ 18 | 'typo3' => '7.6.0-10.4.999', 19 | ], 20 | 'conflicts' => 21 | [ 22 | ], 23 | 'suggests' => 24 | [ 25 | 'realurl' => '' 26 | ], 27 | ] 28 | ]; 29 | -------------------------------------------------------------------------------- /ext_icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sourcebroker/urlguard/78737e0bcd9df27d10f416ed06a80acc315246e9/ext_icon.png -------------------------------------------------------------------------------- /ext_localconf.php: -------------------------------------------------------------------------------- 1 | get('urlguard'); 6 | } else { 7 | $configuration = is_string($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['urlguard']) ? @unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['urlguard']) : []; 8 | } 9 | if (!empty($configuration['enableXclassForContentObjectRenderer'])) { 10 | if (TYPO3\CMS\Core\Utility\VersionNumberUtility::convertVersionNumberToInteger(TYPO3_version) <= 8007999) { 11 | $GLOBALS['TYPO3_CONF_VARS']['SYS']['Objects'][\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::class] = [ 12 | 'className' => \SourceBroker\Urlguard\Frontend\ContentObject\ContentObjectRenderer87::class 13 | ]; 14 | } else { 15 | $GLOBALS['TYPO3_CONF_VARS']['SYS']['Objects'][\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::class] = [ 16 | 'className' => \SourceBroker\Urlguard\Frontend\ContentObject\ContentObjectRenderer95::class 17 | ]; 18 | } 19 | } 20 | }); 21 | --------------------------------------------------------------------------------