[SECURITY] Untrusted GP data is unserialized in old CSH handling
authorMarcus Krause <marcus.krause@typo3.org>
Wed, 15 Aug 2012 10:21:04 +0000 (12:21 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:21:11 +0000 (12:21 +0200)
When the old, already deprecated CSH handling in the TYPO3 backend is
used, untrusted GP data is unserialized. TYPO3 no longer has a code
path that generates this GP data, so all leftovers can be removed
safely.

Change-Id: I522cc774e65754ebbf05e6d1df65da41e7ab3f8a
Fixes: #33520
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: ac048ef7f8a789b218c2fa170747122beb594277
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13767
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/cshmanual/mod/index.php

index 112917d..f2518f6 100644 (file)
@@ -78,8 +78,6 @@ class SC_view_help {
        // Internal, static: GPvar:
        // Table/FIeld id.
        var $tfID;
-       // Flexform file/field information
-       var $ffID;
        // Back (previous tfID)
        var $back;
        // If set, then in TOC mode the FULL manual will be printed as well!
@@ -104,11 +102,6 @@ class SC_view_help {
                if (!preg_match('/^[a-zA-Z0-9_\-\.\*]*$/', $this->tfID)) {
                        $this->tfID = '';
                }
-               if (!$this->tfID) {
-                       if (($this->ffID = t3lib_div::_GP('ffID'))) {
-                               $this->ffID = unserialize(base64_decode($this->ffID));
-                       }
-               }
                $this->back = t3lib_div::_GP('back');
                $this->renderALL = t3lib_div::_GP('renderALL');
 
@@ -169,9 +162,6 @@ class SC_view_help {
                        $this->createGlossaryIndex();
                        $this->content .= $this->render_Single($this->mainKey, $this->field);
 
-               } elseif (is_array($this->ffID)) {
-                       $this->content .= $this->render_Single($this->mainKey, $this->field);
-
                } else {
                                // Render Table Of Contents if nothing else:
                        $this->content.= $this->render_TOC();