PHPackages sourcebroker/urlguard - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. sourcebroker/urlguard Abandoned → [https://github.com/b13/trusted-url-params](/?search=https%3A%2F%2Fgithub.com%2Fb13%2Ftrusted-url-params)ArchivedTypo3-cms-extension[Utility & Helpers](/categories/utility) sourcebroker/urlguard ===================== Adds support for typolink addQueryString to allow to include only specific url vars. 1.0.5(7y ago)1522.8k4GPL-2.0+PHP Since Dec 25Pushed 4y ago1 watchersCompare [ Source](https://github.com/sourcebroker/urlguard)[ Packagist](https://packagist.org/packages/sourcebroker/urlguard)[ RSS](/packages/sourcebroker-urlguard/feed)WikiDiscussions master Synced 4d ago READMEChangelogDependencies (1)Versions (13)Used By (0) TYPO3 Extension `urlguard` ========================== [](#typo3-extension-urlguard) > [![https://poser.pugx.org/sourcebroker/urlguard/v/stable](https://camo.githubusercontent.com/44d75fbfdaea42b5c0a31296f1762a53af7176d581d36e3a6d7b63298561be78/68747470733a2f2f706f7365722e707567782e6f72672f736f7572636562726f6b65722f75726c67756172642f762f737461626c65)](https://packagist.org/packages/sourcebroker/urlguard)[![https://poser.pugx.org/sourcebroker/urlguard/license](https://camo.githubusercontent.com/9f7439db0c9a862708eca7b062c7901ba2b25ae2865dde66a23daa0ea8d6ad13/68747470733a2f2f706f7365722e707567782e6f72672f736f7572636562726f6b65722f75726c67756172642f6c6963656e7365)](https://packagist.org/packages/sourcebroker/urlguard) This extension will not longer be mainained ------------------------------------------- [](#this-extension-will-not-longer-be-mainained) Look for alternative here (Thanks to Benni Mack from b13 GmbH) What does it do? ---------------- [](#what-does-it-do) This extension adds two new options for `typolink.addQueryString` setting. This new options allow to define what query parameters will be passed to newly created typolinks. First option is `typolink.addQueryString.include` (string, comma separated - empty by default). All query parameters that does not exist on this list will be not passed to newly created typolink. Second option is `typolink.addQueryString.includePluginsNamespaces` (boolean - set by default to true). If enabled then all query parameters that does not fit into first level of Extbase plugins namespace will be not passed to newly created typolink. In the background those both options check for all query parameter that does not exists on `typolink.addQueryString.include`, `typolink.addQueryString.includePluginsNamespaces` and if so then adds them to `addQueryString.exclude` list. If you are unsure if you need those options then read [Background](#background) and [Flooding problems of addQueryString](#flooding-problems-of-addquerystring). Because `addQueryString.includePluginsNamespaces` is enabled by default then you do not need to change your TypoScript code after this extension installation. You will be safe from flooding by default! Installation ------------ [](#installation) 1. Use composer or download by Extension Manager. ``` composer require sourcebroker/urlguard ``` 2. Go to Extension Manager, find `Urlguard` choose Options and set `enableXclassForContentObjectRenderer`. 3. Clear TYPO3 frontend cache. In browser open link `https://www.example.com/?asd=1` and look for the links builded by language menu. You should not see links like `?asd=1&cHash=1234567890`. If you still see `?asd=1&cHash=1234567890` it means ext:urlguard is not working. In that case look for note below. Note! It may happen that one of your installed extension is already overwriting class `\TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer`. In that case you may expect that either `urlguard` will not work or the second extension that overwrites class ContentObjectRenderer will not work. That depends which extension is loaded last - the last one overwrites. If you are experiencing this situation then you can apply patch needed by ext:urlguard directly to core class ContentObjectRenderer. Look for patches in `Resources/Private/Patches` and apply them manually or automatically with composer package `cweagans/composer-patches`. Note! For TYPO3 6.2 you can apply patch from Resources/Private/Patches/ContentObjectRenderer\_TYPO3\_6.2.patch Background ---------- [](#background) Usually when you build language menu (or page browsing) then you want to use `typolink.addQueryString` to pass all parameters that are set on query so the parameters are the same for other languages or for next pages in page browser. Lets take an example. The link that was requested by user is a link to single view of news: `https://www.example.com/?id=10&tx_news_pi[news]=15&cHash=1234567890` When TYPO3 will start to generate language menu it will build following links adding L parameter: - `https://www.example.com/?id=10&tx_news_pi[news]=15&L=1&cHash=1234567890` - `https://www.example.com/?id=10&tx_news_pi[news]=15&L=2&cHash=1234567890` - `https://www.example.com/?id=10&tx_news_pi[news]=15&L=3&cHash=1234567890` This is perfectly fine and what you wanted! Unfortunately the reality is that bots are permanently hitting your website with very strange url parameters that are not coming from you application. How it looks like then? Lets take an next example - bot hits your website with: `https://www.example.com/?__asd=1139234` The language menu will build following links: - `https://www.example.com/?__asd=1139234&L=1&cHash=1234567890` - `https://www.example.com/?__asd=1139234&L=2&cHash=1234567890` - `https://www.example.com/?__asd=1139234&L=3&cHash=1234567890` This is what you would like to avoid. What are the downsides of such situation? Please read next chapter. Flooding problems of addQueryString ----------------------------------- [](#flooding-problems-of-addquerystring) ### Flooding of table cf\_cache\_pages [](#flooding-of-table-cf_cache_pages) When typolink is used with addQueryString option activated there is no easy way to exclude all possible query parameters with `typolink.addQueryString.exclude` because we can not predict all the params used by bots. This means that typolink will generate links containing valid cHash but with bot's params that are not supported by our application. If later bot will traverse those links then each of such link will build new cache entry in `cf_cache_pages` table. This means pressure on processor, database and database space. ### Flooding of table tx\_realurl\_urldata (not longer valid for TYPO3 9.5) [](#flooding-of-table-tx_realurl_urldata-not-longer-valid-for-typo3-95) Each link created by typolink has its entry in realurl table `tx_realurl_urldata`. Because there is no way to effectively exclude all possible query parameters with `typolink.addQueryString.exclude` then this table will be flooded and will make pressure on processor, database and database space. How can you prevent 'addQueryString flooding' problems? ------------------------------------------------------- [](#how-can-you-prevent-addquerystring-flooding-problems) Install ext:urlguard. By default it has active `typolink.addQueryString.includePluginsNamespaces` which will exclude all parameters that does not fit into first level of Extbase plugins namespace. How can you prevent 'addQueryString flooding' problems without ext:urlguard? ---------------------------------------------------------------------------- [](#how-can-you-prevent-addquerystring-flooding-problems-without-exturlguard) TYPO3 offers `typolink.addQueryString.exclude` where you can try to exclude all parameters that should not be passed when creating new typolink. The problem is: **you can not predict all the parameters used by bots**. The only 100% solution is to not use blacklisting of parameters (exclude) but whitelisting of parameters (include). This is what ext:urlguard is doing. Known problems -------------- [](#known-problems) None. Changelog --------- [](#changelog) See ### Health Score 37 — LowBetter than 83% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity30 Limited adoption so far Community11 Small or concentrated contributor base Maturity70 Established project with proven stability Bus Factor1 Top contributor holds 95.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~43 days Recently: every ~0 days Total 12 Last Release 2588d ago Major Versions 0.2.1 → 1.0.02019-04-13 ### Community Maintainers ![](https://www.gravatar.com/avatar/6066d053dfdc12f5a676444f6a40b5b7d0b5a112e0ab746c8b04f4a7201b0624?d=identicon)[sourcebroker](/maintainers/sourcebroker) --- Top Contributors [![kszymukowicz](https://avatars.githubusercontent.com/u/1453553?v=4)](https://github.com/kszymukowicz "kszymukowicz (40 commits)")[![verdure-koehnlein](https://avatars.githubusercontent.com/u/83215446?v=4)](https://github.com/verdure-koehnlein "verdure-koehnlein (2 commits)") --- Tags addquerystringrealurltypo3typo3-cms-extensiontypo3-extension ### Embed Badge ![Health badge](/badges/sourcebroker-urlguard/health.svg) ``` [![Health](https://phpackages.com/badges/sourcebroker-urlguard/health.svg)](https://phpackages.com/packages/sourcebroker-urlguard) ``` ### Alternatives [in2code/powermail Powermail is a well-known, editor-friendly, powerful and easy to use mailform extension for TYPO3 with a lots of features 982.5M38](/packages/in2code-powermail)[fluidtypo3/flux The flux package from FluidTYPO3 152982.2k20](/packages/fluidtypo3-flux)[friendsoftypo3/content-blocks TYPO3 CMS Content Blocks - Content Types API | Define reusable components via YAML 96374.6k23](/packages/friendsoftypo3-content-blocks)[derhansen/sf_event_mgt Configurable event management and registration extension based on ExtBase and Fluid 64313.9k6](/packages/derhansen-sf-event-mgt)[typo3/cms-t3editor TYPO3 CMS T3Editor - JavaScript-driven editor with syntax highlighting and code completion. Based on CodeMirror. 115.9M50](/packages/typo3-cms-t3editor)[wazum/sluggi TYPO3 extension for URL slug management with inline editing, auto-sync, locking, access control, and redirects 39488.5k](/packages/wazum-sluggi) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)