[BUGFIX] AddController: RemoveXSS on REQUEST_URI 80/20680/5
author Laurent Cherpit <lcherpit@ttree.ch>
Mon, 29 Jun 2015 22:06:59 +0000 (00:06 +0200)
committer Anja Leichsenring <aleichsenring@ab-softlab.de>
Tue, 30 Jun 2015 08:13:20 +0000 (10:13 +0200)
commit 22ed94996e0eee9430fc604acb84fa1da6f94eee
tree d917bec93988a44c86c387cdcf9b35645d1376b3
parent 1dc6f2f038f3c87f99162d38927cbd975077f97f
[BUGFIX] AddController: RemoveXSS on REQUEST_URI

sanitizeLocalUrl() fails to compare returnUrl value if the TCA column of a
field type "select" contains configuration keys like "itemListStyle" or
"selectedListStyle".
In "AddController", using RemoveXSS on request_uri before assigning the
returnUrl parameter, the comparison of the params of returnUrl will
match on the backlink generation used to close the editForm.

If returnUrl contains string with "style" in it, it will be processed in
the same manner by sanitizeLocalUrl. So the backlink of the editForm
will not be dummy.php.

Change-Id: I5f3282766fe6cf9cae24f70d7f979ce4be004d5f
Resolves: #48096
Releases: master
Reviewed-on: http://review.typo3.org/20680
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
typo3/sysext/backend/Classes/Controller/Wizard/AddController.php