[SECURITY] Untrusted GP data is unserialized in old CSH handling
authorHelmut Hummel <helmut.hummel@typo3.org>
Wed, 15 Aug 2012 10:17:23 +0000 (12:17 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:17:26 +0000 (12:17 +0200)
commita3293a70e3652d26e63a11fadd58bcf8394b0f88
treeae34c09267315238d4d53f0c33d80cc4f3ec3257
parentccbbfc317935408475246aa51d8babc6d5ebb8ec
[SECURITY] Untrusted GP data is unserialized in old CSH handling

Using the old and already deprecated CSH handling in TYPO3 backend,
untrusted GP data is unserialized. Validate the submitted data with
an hmac.

Change-Id: I0a6961b7db3e4b80270745421c82122deb4f6874
Fixes: #33520
Releases: 6.0, 4.7, 4.6, 4.5
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13737
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_tceforms.php
typo3/view_help.php