[BUGFIX] Ensure MountPoint parameter contains valid characters

When using ?MP=12-13,345-673 some could also add a letter or a "/" symbol in the GET parameter, effectively showing a 503 instead of 404 page. This change ensures that $TSFE->MP only contains numbers, commas or dashes. Resolves: #94045 Releases: master, 10.4 Change-Id: I9d47153495701eb36bd9eb0c9936c0956b075560 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/68992 Tested-by: core-ci <typo3@b13.com> Tested-by: Benni Mack <benni@typo3.org> Reviewed-by: Benni Mack <benni@typo3.org>
TYPO3 · May 4, 2021 · 709127c · 709127c
1 parent 58e4ceb
commit 709127c
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 0 deletions.
diff --git a/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php b/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php
@@ -1799,6 +1799,8 @@ protected function setPageArguments(PageArguments $pageArguments): void
         $this->type = $pageArguments->getPageType() ?: 0;
         if ($GLOBALS['TYPO3_CONF_VARS']['FE']['enable_mount_pids']) {
             $this->MP = (string)($pageArguments->getArguments()['MP'] ?? '');
+            // Ensure no additional arguments are given via the &MP=123-345,908-172 (e.g. "/")
+            $this->MP = preg_replace('/[^0-9,-]/', '', $this->MP);
         }
     }
 

diff --git a/typo3/sysext/frontend/Tests/Unit/Controller/TypoScriptFrontendControllerTest.php b/typo3/sysext/frontend/Tests/Unit/Controller/TypoScriptFrontendControllerTest.php
@@ -611,6 +611,71 @@ public function languageServiceIsSetUpWithSiteLanguageTypo3LanguageInConstructor
         self::assertEquals('fr', $languageService->lang);
     }
 
+    /**
+     * @test
+     */
+    public function mountPointParameterContainsOnlyValidMPValues(): void
+    {
+        $nullCacheBackend = new NullBackend('');
+        $cacheManager = $this->prophesize(CacheManager::class);
+        $cacheManager->getCache('pages')->willReturn($nullCacheBackend);
+        $cacheManager->getCache('l10n')->willReturn($nullCacheBackend);
+        GeneralUtility::setSingletonInstance(CacheManager::class, $cacheManager->reveal());
+        $languageService = new LanguageService(new Locales(), new LocalizationFactory(new LanguageStore(), $cacheManager->reveal()));
+        $languageServiceFactoryProphecy = $this->prophesize(LanguageServiceFactory::class);
+        $languageServiceFactoryProphecy->create(Argument::any())->will(function ($args) use ($languageService) {
+            $languageService->init($args[0]);
+            return $languageService;
+        });
+        GeneralUtility::addInstance(LanguageServiceFactory::class, $languageServiceFactoryProphecy->reveal());
+        $GLOBALS['TYPO3_REQUEST'] = new ServerRequest('https://www.example.com/');
+
+        $site = $this->createSiteWithDefaultLanguage([
+            'locale' => 'fr',
+            'typo3Language' => 'fr-test',
+        ]);
+
+        // no MP Parameter given
+        $subject = new TypoScriptFrontendController(
+            new Context(),
+            $site,
+            $site->getLanguageById(0),
+            new PageArguments(13, '0', [], [], [])
+        );
+        self::assertEquals('', $subject->MP);
+
+        // single MP parameter given
+        GeneralUtility::addInstance(LanguageServiceFactory::class, $languageServiceFactoryProphecy->reveal());
+        $subject = new TypoScriptFrontendController(
+            new Context(),
+            $site,
+            $site->getLanguageById(0),
+            new PageArguments(13, '0', [], [], ['MP' => '592-182'])
+        );
+        self::assertEquals('592-182', $subject->MP);
+
+        // invalid characters included
+        GeneralUtility::addInstance(LanguageServiceFactory::class, $languageServiceFactoryProphecy->reveal());
+        $subject = new TypoScriptFrontendController(
+            new Context(),
+            $site,
+            $site->getLanguageById(0),
+            new PageArguments(13, '0', [], [], ['MP' => '12-13,a34-45/'])
+        );
+        self::assertEquals('12-13,34-45', $subject->MP);
+
+        // single MP parameter given but MP feature is turned off
+        $GLOBALS['TYPO3_CONF_VARS']['FE']['enable_mount_pids'] = false;
+        GeneralUtility::addInstance(LanguageServiceFactory::class, $languageServiceFactoryProphecy->reveal());
+        $subject = new TypoScriptFrontendController(
+            new Context(),
+            $site,
+            $site->getLanguageById(0),
+            new PageArguments(13, '0', [], [], ['MP' => '592-182'])
+        );
+        self::assertEquals('', $subject->MP);
+    }
+
     private function createSiteWithDefaultLanguage(array $languageConfiguration): Site
     {
         return new Site('test', 13, [