Fixed bug #15729: Sysext setup's user simulation is susceptible to XSS (thanks to...
authorOliver Hader <oliver.hader@typo3.org>
Wed, 6 Oct 2010 08:13:54 +0000 (08:13 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 6 Oct 2010 08:13:54 +0000 (08:13 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@8966 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/setup/mod/index.php

index d96a581..ae5c770 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@
        * Fixed bug #13650: Information disclosure in sys_actions (DB mount, usergroups) (thanks to Georg Ringer)
        * Fixed bug #15461: RemoveXSS exposes XSS vulnerability for double encoded characters (thanks to Marcus Krause)
        * Fixed bug #15728: Extension Manager allows to download arbitrary files beyond PATH_site or rootpath (thanks to Marcus Krause)
+       * Fixed bug #15729: Sysext setup's user simulation is susceptible to XSS (thanks to Marcus Krause)
 
 2010-09-24  Steffen Gebert  <steffen@steffen-gebert.de>
 
index cf6c734..e5de0a4 100755 (executable)
@@ -689,7 +689,7 @@ class SC_mod_user_setup_index {
                $this->simulateSelector = '';
                unset($this->OLD_BE_USER);
                if ($BE_USER->isAdmin())        {
-                       $this->simUser = t3lib_div::_GP('simUser');
+                       $this->simUser = intval(t3lib_div::_GP('simUser'));
 
                                // Make user-selector:
                        $users = t3lib_BEfunc::getUserNames('username,usergroup,usergroup_cached_list,uid,realName');
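Review bot: The `intval()` cast on the `simUser` assignment in this hunk fixes the reported XSS but carries no comment saying why, so a later cleanup could drop it; I would add `// Cast to int: simUser ends up in the user-selector markup, so only a numeric uid may reach the output`, and note that a non-numeric value silently becomes 0 rather than being rejected. The cast constrains the type only, so wherever `$this->simUser` is later rendered it should still go through `htmlspecialchars()` as defence in depth, and the selector built from `getUserNames()` on the last line could also confirm the uid is one of the returned users instead of accepting any integer — both points concern code outside the hunk and are inferred from the surrounding names. The enclosing method of `SC_mod_user_setup_index` starts and ends outside the hunk.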