We Keep Coding

Strange TYPO3 extension requests which result in "is not allowed by plugin" errors

We maintain a lot of TYPO3 projects and in some of these we sometimes get strange log entries where controllers or actions of an extension are requested, which, for sure don't exist.
For example some log entries:
The controller "(SELECT (CASE WHEN (2302=2302) THEN 2302 ELSE 2302*(SELECT 2302 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))" is not allowed by plugin "List". Please check for TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin() in your ext_localconf.php
The controller "Shop') AND 3375=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(112)||CHR(120)||CHR(118)||CHR(113)||(SELECT (CASE WHEN (3375=3375) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(118)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND ('CnON'='CnON" is not allowed by plugin "List". Please check for TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin() in your ext_localconf.php
The action "listFilter UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL#" (controller "...") is not allowed by this plugin / module. Please check TYPO3\CMS\Extbase\Utility\ExtensionUtility::configurePlugin() in your ext_localconf.php / TYPO3\CMS\Extbase\Utility\ExtensionUtility::configureModule() in your ext_tables.php
Are these requests from bots and can we prevent this somehow, or can we simply ignore the entries?

These are requests from bots that try to inject SQL into TYPO3. You can ignore them, as long as you are confident that your installation is up to date and your extensions are well maintained.

TYPO3 pure backend extension V11.5

I'm using TYPO3 V11.5 with an extension, which has only a backend module.
Therefore it doesn't exist any configPlugin and also no ext_localconfig and under Configuration->TCA->Overrides no tt_content.php file.
If I try to call the backend I get the following error message:
What is required to avoid this error or is it an TYPO3 bug?
Edit
Stupid misteake, forgot to include the extension template under Template->Includes!

Without having too much code I guess it is because the class really does not exist! Is the file really called BackEndController and also the class in it BackEndController with an uppercase E?

Frontend-editing broken when text contains internal links

We are using TYPO3 8.7.19 with the extension frontend_editing (Version: 1.4.0) and CoolURI. We still use css_styled_content.
When editing a content element in the frontend with the „frontent-editing bar”, e.g. text I get an error, but only, if it contains an internal link.
The changes are not saved. It crash with:
Core: Exception handler (WEB): Uncaught TYPO3 Exception: #1460629247: No valid handlers found for type: unknown | TYPO3\CMS\Core\LinkHandling\Exception\UnknownLinkHandlerException thrown in file /usr/share/typo3/typo3_src-8.7.19/typo3/sysext/core/Classes/LinkHandling/LinkService.php in line 163. Requested URL: https://www.mysite.de/typo3/index.php?ajaxID=%2Fajax%2Ffrontend-editing%2Fprocess&ajaxToken=--AnonymizedToken--&page=123
There is a bug report and a suggested solution für TYPO3 9.5.x and a solution for TYPO3 8.7.x
Unfortunately, I don't know how to realize that solution for my system, cause
wee use coolURI but not the required realurl-xtension.
I don't know where to add the suggested code
Any hints for me?

Problem has been solved by the author of frontend_editing:
Add in typo3conf/ext/frontend_editing/Configuration/TypoScript/setup.ts
# Prevent links from being parsed to FE url
lib.parseFunc_RTE.tags.a >

How to trigger a tx_news search using typolink

We recently switched from tt_news to Georg Ringers News extension and I - as a novice typo3 coder - need help fixing some typoscript code that was used to trigger context specific searches using typolink.
The old snippet was
typolink.parameter = 649
typolink.useCacheHash = 1
typolink.additionalParams.current = 1
typolink.additionalParams.wrap = &tx_ttnews[swords]=|
The new parameter needs to be &tx_news_pi1 but swords does not work. I can't find documentation or examples how the search value can be set. I searched the code itself and dumb tried my luck with &tx_news_pi1[search]=| but that just shows the default numerical typo3 error "Oops, an error occurred! Code: 2018020814150924e87636" if something cannot be rendered. BTW: The referenced search result page works fine if called using the search form.

After grabbing through the code try &tx_news_pi1[overwriteDemand][search][subject]=|.
On the target list you need to allow overwriting of the demand in the plugin flexform!

The solution of Thomas works for me even without the [overwriteDemand] using the search result page as target. Thx.
typolink.parameter = 649
typolink.useCacheHash = 1
typolink.additionalParams.current = 1
typolink.additionalParams.wrap = &tx_news_pi1[search][subject]=|
I really would like to know how this could be grabbed from the code. :-) It seems that I have to learn more about php and the underlying data structure - [search][subject] looks like a kind of array which I didn't expect for that type of parameter.

Magento - Error after disabling modules

I've disabled the Rss and Newsletter modules of my Magento 1.7 instance following the instructions of this post:
http://inchoo.net/ecommerce/magento/how-to-fully-disable-turn-off-magento-module/comment-page-1/#comment-65853
I just edited the app\etc\modules\Mage_All.xml file by changing to <active>false</active> in both Mage_Rss and Mage_Newsletter modules.
The problem is that when I try to load a customer page through admin panel, I get the following error:
Fatal error: Call to a member function loadByCustomer() on a
non-object in app\code\core\Mage\Newsletter\Model\Subscriber.php on
line 267
Why is it happening? Why is this code being executing even though I've disabled such module?
Thanks!

First step after disabling a module through its <active> entry. Always clear cache and if you use the compiler, recompile so you don't have code referencing classes in the disabled module.
Often the problem is not with code executing after the module is shut off through the app/etc/modules/mod_name.xml by setting <active> to false, but with other modules, templates or layouts attempting to call code in the disabled module.
Where issues come in are if another module lists the module just turned off in its dependency list. Always check all the other module xml files dependency lists for mention of the module you are deactivating.
Also, you have to check for template .phtml files that reference classes in the disabled module. This can throw the dreaded call to a non-object type exception errors. As an example, one module that provides custom cart attributes asks you to add entries to your cart templates. Shutting off the module does not get rid of the references.
Make sure no layouts are attempting to load anything referencing this module as well (custom layout local.xml).
You also might want to go to System Config, Advanced and shut the Newsletter module output off there in case the Magento Customer Account is depending on testing for the module being disabled by calling that entry instead of actually checking to see if the Module is loaded. Sometimes Magento programmers forget to do proper error trapping, which has thrown me for a loop before.

I believe I could solve the problem (not sure if generated any side effect):
Just edited the file app\code\core\Mage\Adminhtml\Block\Customer\Edit\Tabs.php around line 90 by adding the external if clause:
if (Mage::helper('core')->isModuleEnabled('Mage_Newsletter')) {
if (Mage::getSingleton('admin/session')->isAllowed('newsletter/subscriber')) {
$this->addTab('newsletter', array(
'label' => Mage::helper('customer')->__('Newsletter'),
'content' => $this->getLayout()->createBlock('adminhtml/customer_edit_tab_newsletter')->initForm()->toHtml()
));
}
}
+1 if I saved your day and please let me know if you noticed and possible impact :D