[SECURITY] Prevent editor controlled hmac content 23/26223/2
authorFranz G. Jahn <franzjahn@cron-it.de>
Tue, 10 Dec 2013 09:55:04 +0000 (10:55 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 10 Dec 2013 09:55:08 +0000 (10:55 +0100)
commitfdd3d3f171234741bf66e734bee6a16a8c9388e1
tree8395ad54cd5ba15c0d662b83b6e9747fae716110
parentf51afe2ffa058b795beb3107c5116885a4ed9501
[SECURITY] Prevent editor controlled hmac content

An hmac of the editor controlled auto respond message was used to verifiy
the correctness of this message on submit. To prevent this, we add an
additional secret.

Change-Id: I1551feebd4dd84abeb3fb098175384f425f605a9
Fixes: #45043
Releases: 4.5, 4.7, 6.0, 6.1, 6.2
Security-Commit: 344975268f4b9eb4ce7c664958647b9268ea03a8
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26223
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/frontend/Classes/ContentObject/FormContentObject.php
typo3/sysext/frontend/Classes/Controller/DataSubmissionController.php