Use default language if wrong one is provided and reduce log size #575
Conversation
emmguyot
changed the title
|
Would be nice if this PR would be accepted |
|
Please, fix your site instead! It is really your job to provide proper urls to realurl, not realurl's job to recover for your implementation mistakes. I already explained many times how to do it. I also have information on the wiki about it. |
As we have no control over the L parameter that users might send to the TYPO3-system this can't be done without overly complex work. It is just bad practice to use debug_backtrace() in production context. Nonetheless, thx for your engagement for realurl, As I understand you are not willing to change this, I must accept your decision while I still think it is wrong. There are some workarounds plus a patch, which works nicely. |
|
Dmitry, I agree with you that the site has to be fixed first. In my case, the problem occurs because of several Typo3 upgrades and, even if now my site hasn't any problem when you crawl it, search engines has memorized some URL with problem with the L parameter. And the log grows each time they crawl these URLs. Please give us details on how to fix this kind of problems. |
It was requested by people, who could not get the information about the error in any other way. So this got integrated to help other people too. You can always send this output to nowhere with logging configuration. |
|
Hi Dmitry, I understand the motivation behind adding the debug_backtrace() but this thing can actually generate really HUGE log files. As in a recent case from us, 3MB per log entry and 10GB per day. Does that seem like a good compromise proposal? |
Well, sometimes the cause can be 50 lines deeper (like if you generate a link using the menu). So with a short log the log will be useless. We do a lot of projects and never had the issue. We control what we pass to links, that's all. Validation is the key. If the site lacks validation of GET parameters, it is pretty bad... |
|
How can I validate what the site user types into the URL? I think you misunderstood the problem. |
You can read the docs at least :) Btw, there should be much less logging in 2.4.0. |
|
We are stil talking about two different things. You are talking about link
generation, since the config settings you repeatedly refer to are just for
that. I read the docs many times and I am talking about the url the user
types into his browser address bar. And here only his imagination is the
limit, his or the bots which tries to DoS your server.
wt., 24 lip 2018, 13:43 użytkownik Dmitry Dulepov <[email protected]>
napisał:
… @artur2000 <https://github.com/artur2000>
How can I validate what the site user types into the URL?
You can read the docs at least :) config.linkVars and avoiding
addQueryString will make sure you never have wrong parameters in your
urls.
Btw, there should be much less logging in 2.4.0.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#575 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AFK0KtTlF5-W31WnFAlNUyFEGdUGCKCcks5uJwhPgaJpZM4Q1fKC>
.
|
|
Realurl cannot prevent the user from typing anything in the browser. However you can prevent bad |
To fix issue #549, when a bad language parameter is given, the default language is used.
A short error is logged to help in writing redirect action for fake URLs : This log is done only once per request.