How to avoid cache-pollution with TYPO3

Posted by Hendrik Will on Samstag, Juli 18, 2009 at 4:23 PM. 1 Comment.

Did you ever wonder about URLs containing parameters like this: domain.tld/page.html&L=1print=1print=1print=1print= and so on. It would also be possible to abuse it for spam like this: domain.tld/page.html&L=1_buy-viagra-at_www.viagra-spam.url

You can avoid this cache-pollution by specifying a range of valid values for your linkVars configuration. You can append the values in round brackets to your L-params. It’s also possible to use regular expressions here.

Example:

config {
linkVars = L(1-5), print(1)
}

Otherwise it can happen that TYPO3 puts malformed URLs in your cache and your clients will get mad.
You can find more examples in TSref at typo3.org.


Filed under , , .

One Comment on “How to avoid cache-pollution with TYPO3”

You can track this conversation through its atom feed.

  1. Michael Canno sagt:

    Hendrik,

    Thanks for the simple tip reminder here. It should be further cleared up that the linkVars property is used to limit or prevent what URLs will be generated. This is how the bad variables can be prevented and link injection prevented.

    Basically, by only saying `linkVars = print`, it still allows `?print=1234_I’mabadguy`, but that `linkVars = print(1}` only allows `?print=1`.

    Therefore, through this process you attempt to prevent bad URLs being generated.

    Ciao!

    Michael

    Posted on 20/07/2009 um 6:15 AM. (Reply)

Einen Kommentar hinterlassen

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>