[SECURITY] Prevent editor controlled hmac content 82/26182/2
authorFranz G. Jahn <franzjahn@cron-it.de>
Tue, 10 Dec 2013 09:51:17 +0000 (10:51 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 10 Dec 2013 09:51:22 +0000 (10:51 +0100)
commit52d3bff43f7467b565cb7084d2605d2f06c8d559
tree0014148586e2b6bab0735fd0185602f4cbbd0a22
parentcae8739c84fb76f4e9388aa6b9bba33734cec3e3
[SECURITY] Prevent editor controlled hmac content

An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. To prevent this, we add an
additional secret.

Fixes: #45043
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
(cherry picked from commit 66013e46f09b38343ac22d9e231328966bff0c6e)
Security-Commit: fa5bdd2ac518555f21ec857dc31d2991a1e937ad
Security-Bulletin: TYPO3-CORE-SA-2013-004

Change-Id: I66b1ddc379577fc3ed67012384a15c38a6b76a03
Reviewed-on: https://review.typo3.org/26182
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_formmail.php
typo3/sysext/cms/tslib/content/class.tslib_content_form.php