[SECURITY] Untrusted GP data is unserialized in old CSH handling
author Helmut Hummel <helmut.hummel@typo3.org>
Wed, 15 Aug 2012 10:18:27 +0000 (12:18 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:18:32 +0000 (12:18 +0200)
commit dc6529c3dddd439228497c1fb6f91de6cea75cb0
tree 65af5db0d57f9e0c9b78485a29d0ff39463292fa
parent 8c0b4dc66d4c22711f697b74d5c15fbaf7d07528
[SECURITY] Untrusted GP data is unserialized in old CSH handling

Using the old and already deprecated CSH handling in TYPO3 backend,
untrusted GP data is unserialized. Validate the submitted data with
an hmac.

Change-Id: Ifc93c7d853c2b0df59dd12ab95a7ce1ee4a28a8e
Fixes: #33520
Releases: 6.0, 4.7, 4.6, 4.5
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13747
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_tceforms.php
typo3/view_help.php
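
The pattern the commit message describes, checking an HMAC over submitted data before it reaches unserialize(), shown as an added PHP example that is not the TYPO3 patch. The key, the function names and the sample parameters are assumptions made for illustration.

```php
<?php
// Added example, not TYPO3 code. SECRET_KEY, packParams() and unpackParams()
// are hypothetical names; the key below is a constructed demo value.
const SECRET_KEY = 'constructed-demo-key-not-a-real-secret';

// Server side, when building the link or form: serialize the parameters
// and compute an HMAC over the exact serialized string.
function packParams(array $params): array
{
    $data = serialize($params);
    return ['data' => $data, 'hmac' => hash_hmac('sha256', $data, SECRET_KEY)];
}

// Server side, when the request comes back: recompute the HMAC and compare
// it in constant time. Only data that passes the check is unserialized.
function unpackParams(string $data, string $hmac): ?array
{
    $expected = hash_hmac('sha256', $data, SECRET_KEY);
    if (!hash_equals($expected, $hmac)) {
        return null; // tampered or forged input never reaches unserialize()
    }
    // Defence in depth (PHP 7+): refuse to instantiate any class.
    $value = unserialize($data, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Constructed sample: a valid round trip, then a payload modified in transit.
$packed = packParams(['table' => 'pages', 'field' => 'title']);
var_dump(unpackParams($packed['data'], $packed['hmac']));

$tampered = str_replace('pages', 'users', $packed['data']);
var_dump(unpackParams($tampered, $packed['hmac']));
```

The HMAC check only helps if the key never leaves the server; a client that can read or guess the key can sign arbitrary serialized data.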