Extension realurl - display of SQL query parts in URL

Question

First of all, I have to deal with a project-related upgrade of a TYPO3 version and am also relatively new to the Nginx web server.

I have upgraded a TYPO3 installation from version 7.6-LTS to 8.7-LTS and transferred the site from an IIS (Windows) server to an Ubuntu 18.04 system with Nginx.

I have now discovered the following: the first click on an internal link on the website in the menu e.g. domain.com/prices works correctly. The URL domain.com/prices is called and also shown in the URL. Now when the page has been reloaded, the same menu item link now looks like this...

domain.com/index.php?id=8&L=1%20or%20%281%2C2%29%3D%28select%2Afrom%28select%20name_const%28CHAR%28111%2C108%2C111%2C108%2C111%2C115%2C104%2C101%2C114%29%2C1%29%2Cname_const%28CHAR%28111%2C108%2C111%2C108%2C111%2C108%2C111%2C115%2C104%2C101%2C114%29%2C1%29%29a%29%20- -%20and%201%3D1 

...instead of the usual domain.com/prices. The oontent of the page is still correctly, so the correct page is being loaded.

The Typo3 installation uses the extension real url, which is exactly for this feature. It translates domain.com/index.php?id=8&L=1... into a speaking url like domain.com/prices. So why is it working on the first load, but then no longer?

I also thought, it could be an issue with the configuration of Nginx, but now I think it is a different topic here, because if it is a webserver issue, it won't work the first time, will it?

What can cause this behaviour?

Update

I actually saw, that the English version of the website is working well. So here, the links are displayed correctly: domain.com/prices, domain.com/modules and not even not first page load.

Maybe it is helpful. This is the Nginx config, I currently use:

server {
    listen 80;
    server_name domain.com;
    root /var/www/domain.com/public;
    index index.php index.html index.htm index.nginx-debian.html;

    listen 443 ssl;
    ssl_certificate /var/www/domain.com/ssl/domain.com-2020.crt;
    ssl_certificate_key /var/www/domain.com/ssl/domain.com-2020.rsa;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # Special root site case. prevent "try_files $uri/" + "index" from skipping the cache
    # by accessing /index.php directly
    location =/ {
        recursive_error_pages on;
        error_page 405 = @sfc;
        return 405;
    }

    location @t3frontend {
        # Using try_files for ease of configuration demonstration here,
        # you can also fastcgi_pass directly to php here
        try_files $uri /index.php$is_args$args;
    }

    location @sfc {
        # Perform an internal redirect to TYPO3 if any of the required
        # conditions for StaticFileCache don't match
        error_page 405 = @t3frontend;

        # Query String needs to be empty
        if ($args != '') {
            return 405;
        }

        # We can't serve static files for logged-in BE/FE users
        if ($cookie_staticfilecache = 'fe_typo_user_logged_in') {
            return 405;
        }
        if ($cookie_be_typo_user != '') {
            return 405;
        }

        # Ensure we redirect to TYPO3 for non GET/HEAD requests
        if ($request_method !~ ^(GET|HEAD)$ ) {
            return 405;
        }

        charset utf-8;
        try_files /typo3temp/tx_staticfilecache/${scheme}/${host}/${server_port}${uri}/index.html
        /typo3temp/tx_staticfilecache/${scheme}/${host}/${server_port}${uri}
        =405;
    }

    location /typo3temp/tx_staticfilecache {
            deny all;
    }

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }

    location ~ /\.ht {
            deny all;
    }

    # Prevent clients from accessing hidden files (starting with a dot)
    # This is particularly important if you store .htpasswd files in the site hierarchy
    # Access to `/.well-known/` is allowed.
    # https://www.mnot.net/blog/2010/04/07/well-known
    # https://tools.ietf.org/html/rfc5785
    location ~* /\.(?!well-known\/) {
        deny all;
    }

    # Prevent clients from accessing to backup/config/source files
        location ~* (?:\.(?:bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$ {
        deny all;
    }

    # TYPO3 - Block access to composer files
    location ~* composer\.(?:json|lock) {
        deny all;
    }

    # TYPO3 - Block access to flexform files
    location ~* flexform[^.]*\.xml {
        deny all;
    }

    # TYPO3 - Block access to language files
    location ~* locallang[^.]*\.(?:xml|xlf)$ {
        deny all;
    }

    # TYPO3 - Block access to static typoscript files
    location ~* ext_conf_template\.txt|ext_typoscript_constants\.(?:txt|typoscript)|ext_typoscript_setup\.(?:txt|typoscript) {
        deny all;
    }

    # TYPO3 - Block access to miscellaneous protected files
    location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|dist|fla|in[ci]|log|sh|sql)$ {
        deny all;
    }

    # TYPO3 - Block access to recycler and temporary directories
    location ~ _(?:recycler|temp)_/ {
        deny all;
    }

    # TYPO3 - Block access to configuration files stored in fileadmin
    location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
        deny all;
    }

    # TYPO3 - Block access to libaries, source and temporary compiled data
    location ~ ^(?:vendor|typo3_src|typo3temp/var) {
        deny all;
    }

    # TYPO3 - Block access to protected extension directories
    location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
        deny all;
    }
}
server {
    if ($host = domain.com) {
        return 301 https://$host$request_uri;
    }


        listen 80;
        server_name domain.com;
    return 404; 
}

And this is the config of realurl:

The template analysis does not show any error. This is the template analysis for realurl:

Update 2

I'm a step further in this issue. I've read the bug report https://github.com/dmitryd/typo3-realurl/issues/333 which is similar to my issue. I tried to switch the config.linkVars value from L to L(0,1). That helped in the URL issue. But now it switches always back to German language.

With the setting L in config.linkVars, it added the language in the url, if it was not German:

domain.com/en/prices

With the new value L(0,1) it removes the language in the URL

domain.com/prices

So it always shows the German version of the page. I even tried to set the value to L(0,2), because of German, English and French language is integrated (1=English, 2=French), but it does not help in this case. It switches always back to German because of the missing language code in the URL.

Answer 1

Ok. Now I found the solution. As I wrote in the comments it was the config setting:

config.linkVars

which was set initially to

config.linkVars = L

After I found this bug report

https://github.com/dmitryd/typo3-realurl/issues/333

I saw that I need to limit the L-value for security reasons. In our case 0 for german, 1 for english, 2 for french:

config.linkVars = L(0-2)

Then all worked fine.