[SECURITY] XSS possibility in RemoveXSS
authorAndreas Wolf <andreas.wolf@ikt-werk.de>
Wed, 28 Mar 2012 11:56:17 +0000 (13:56 +0200)
committerOliver Hader <oliver@typo3.org>
Wed, 28 Mar 2012 11:56:19 +0000 (13:56 +0200)
commit0e25f86ebcffa12b59879b0613d93d91b90ec275
treebc51bad93a0b3263cb30a4e0b79ac3563802bd56
parenta9aca5b8835ccd8a3dd127fe4b42fa6ee8447ebe
[SECURITY] XSS possibility in RemoveXSS

RemoveXSS fails to properly remove non printable characters, especially
zero-byte (\x00) chars.

Change-Id: I7005a7fbea98f224eab10cc639d6008d56adb2f6
Fixes: #30188
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Commit: 5c4076c527bb91f1232ed490eff779f78f89402b
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10030
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
tests/contrib/class.removexssTest.php
typo3/contrib/RemoveXSS/RemoveXSS.php