Breaking: #88755 - Remove POST option from typolink.addQueryString.method
See forge#88755
Description
Setting add
of typolink could be used like shown below in order to transform
HTTP POST parameters into according GET parameters.
typolink {
parameter = 123
addQueryString = 1
addQueryString.method = POST
}
In terms of correctly using HTTP verbs it's bad practise in general to treat GET and POST equally, besides that documentation already mentioned potential side-effects like accidentally exposing sensitive data submitted via POST to proxies or log files.
That's why values POST
, GET,POST
and POST,GET
are not allowed anymore
for typolink.
. Maintaining functionality - if required at all - has to be done
using domain specific logic in according controllers or middleware implementations.
Impact
- using
GET,POST
,POST,GET
orPOST
will trigger anE_
USER_ WARNING - using
GET,POST
orPOST,GET
will fall back toGET
- using
POST
will be ignored and an empty result
In a consequence only query parameters submitted via HTTP GET are taken into account, parameters of HTTP POST body are ignored.
Affected Installations
- TypoScript defining
typolink.
with values mentioned in previous sectionadd Query String. method - invocations of
TYPO3\
with values mentioned in previous sectionCMS\ Extbase\ Mvc\ Web\ Routing\ Uri Builder:: set Add Query String Method () - as an effect Fluid view helpers forwarding this information to
TYPO3\
are affected - argumentCMS\ Extbase\ Mvc\ Web\ Routing\ Uri Builder:: set Add Query String Method () add
is affected in view helper of TYPO3 core like shown below +Query String Method <f:
+form ... add Query String Method="POST"> <f:
+link. action add Query String Method="POST"> <f:
+link. page ... add Query String Method="POST"> <f:
+link. typolink add Query String Method="POST"> <f:
+uri. action ... add Query String Method="POST"> <f:
+uri. page ... add Query String Method="POST"> <f:
+uri. typolink add Query String Method="POST"> <f:
+widget. uri ... add Query String Method="POST"> <f:
+widget. link add Query String Method="POST"> <f:
widget. paginate ... configuration=" {add Query String Method: 'POST'}">
Migration
- change to mentioned assignments in TypoScript, Fluid templates or PHP code to
GET
- analyse and try to understand whether
POST
is still required or could be substituted