[SECURITY] Fix GeneralUtility::sanitizeLocalUrl to detect foreign schemes 22/43122/2
authorNicole Cordes <typo3@cordes.co>
Tue, 8 Sep 2015 08:58:06 +0000 (10:58 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 8 Sep 2015 08:58:15 +0000 (10:58 +0200)
commitdaa52f2c147d05f56d84acf5e24bc10e2c719700
treea8cab95097ef861bcfa0d3e7a4cddd7720b6c1db
parent86e0140b1a375736babbe26b674e19fbc1b0c337
[SECURITY] Fix GeneralUtility::sanitizeLocalUrl to detect foreign schemes

This patch adds a check to be able to recognize arbitrary schemes which
have to be skipped. Furthermore a missing sanitation is added to
TYPO3\CMS\Backend\Controller\ContentElement\ElementInformationController

Resolves: #68825
Releases: master, 6.2
Security-Commit: de692804837ad0ddfdff194571dc8c786c717576
Security-Bulletin: TYPO3-CORE-SA-2015-009
Change-Id: Iddd54d241776a47f634c9ac2540e6a2e31801da7
Reviewed-on: http://review.typo3.org/43122
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/backend/Classes/Controller/ContentElement/ElementInformationController.php
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php