[SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck
author Helmut Hummel <helmut.hummel@typo3.org>
Thu, 8 Nov 2012 11:44:08 +0000 (12:44 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Thu, 8 Nov 2012 11:44:11 +0000 (12:44 +0100)
commit f22dc79c650fe0473c2433b73a3f504476e246d4
tree a9ff2f90cb11a9b931b9090c2524b3f5faab6cd1
parent 72153ccc404d59d664a1b038fe37eb06547f19b1
[SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck

The method getFuncCheck creates a URL from input variables and puts
it in JavaScript context without properly encoding them.

This might lead to XSS if the input variables come from an untrusted source.

Fixes: #42776
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Ie9ac07acdfaa322b50366dc62da599055ff00248
Security-Commit: 6fb472ca36fbeb32ddcfd18ac68a90f2f0933af1
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16299
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_befunc.php
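
The bug class the commit message describes, a URL built from input and placed in a JavaScript string inside an HTML attribute, shown as an added example that is not TYPO3's code or the patch itself. The function names, parameters and the `jumpToUrl` handler name are hypothetical, and `$script` is assumed to be a trusted, hard-coded path.

```php
<?php
// Added illustration, not TYPO3 code: all names here are hypothetical.

// Before: the URL is concatenated from raw input and dropped into a JS string.
function funcCheckUnsafe(string $script, string $id, string $name): string
{
    $url = $script . '?id=' . $id . '&' . $name . '=';
    return '<input type="checkbox" onclick="jumpToUrl(\'' . $url
        . '\'+(this.checked?1:0));" />';
}

// After: encode once per context, innermost first.
function funcCheckSafe(string $script, string $id, string $name): string
{
    // 1. URL context: percent-encode each parameter name and value.
    //    $script is assumed to be a trusted constant and is left as-is.
    $url = $script . '?id=' . rawurlencode($id) . '&' . rawurlencode($name) . '=';

    // 2. JavaScript context: emit a complete string literal. The JSON_HEX_*
    //    flags turn < > & ' " into \uXXXX escapes, so the value cannot end
    //    the literal or a surrounding <script> block.
    $jsUrl = json_encode(
        $url,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );

    // 3. HTML attribute context: escape the finished handler, including the
    //    double quotes that delimit the JSON string literal.
    $onClick = htmlspecialchars(
        'jumpToUrl(' . $jsUrl . '+(this.checked?1:0));',
        ENT_QUOTES,
        'UTF-8'
    );

    return '<input type="checkbox" onclick="' . $onClick . '" />';
}

// Constructed sample input: a single quote is enough to end the JS literal
// in the unsafe variant; the safe variant carries it as %27 inside the URL.
$id = "42'x";
echo funcCheckUnsafe('mod.php', $id, 'showAll'), PHP_EOL;
echo funcCheckSafe('mod.php', $id, 'showAll'), PHP_EOL;
```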