Fixed bug #14412: Field value added to foreign_table_where by replacing ###REC_FIELD_...
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:14:52 +0000 (09:14 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:14:52 +0000 (09:14 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@8413 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_befunc.php

index 5e43a36..68cdea9 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,7 @@
        * Fixed bug #14389: phtml is also PHP extension and should be denied editing / uploading via fileadmin (thanks to Ernesto Baschny)
        * Fixed bug #1985: XSS vulnerability in wizard classes
        * Fixed bug #14712: The GET/POST variable mimeType is used to create the http header content-type without verification (thanks to Rupert Germann)
+       * Fixed bug #14412: Field value added to foreign_table_where by replacing ###REC_FIELD_THE_FIELD_NAME### is not quoted (thanks to Helmut Hummel and Xavier Perseguers)
 
 2010-07-21  Ingo Renner  <ingo@typo3.org>
 
index dc1217d..d20a290 100755 (executable)
@@ -2996,7 +2996,11 @@ final class t3lib_BEfunc {
                        while(list($kk, $vv) = each($fTWHERE_parts)) {
                                if ($kk) {
                                        $fTWHERE_subpart = explode('###', $vv, 2);
-                                       $fTWHERE_parts[$kk] = $TSconfig['_THIS_ROW'][$fTWHERE_subpart[0]].$fTWHERE_subpart[1];
+                                       if (substr($fTWHERE_parts[0], -1) === '\'' && $fTWHERE_subpart[1]{0} === '\'') {
+                                               $fTWHERE_parts[$kk] = $GLOBALS['TYPO3_DB']->quoteStr($TSconfig['_THIS_ROW'][$fTWHERE_subpart[0]], $foreign_table) . $fTWHERE_subpart[1];
+                                       } else {
+                                               $fTWHERE_parts[$kk] = $GLOBALS['TYPO3_DB']->fullQuoteStr($TSconfig['_THIS_ROW'][$fTWHERE_subpart[0]], $foreign_table) . $fTWHERE_subpart[1];
+                                       }
                                }
                        }
                        $fTWHERE = implode('', $fTWHERE_parts);
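Review bot: The left-hand quote check added on the new `if` line tests `$fTWHERE_parts[0]` on every iteration, so for the second and later `###REC_FIELD_*###` placeholders it inspects the text before the first placeholder instead of the text immediately preceding the current one; a quoted value that follows an unquoted earlier placeholder (`a=###REC_FIELD_x### AND b='###REC_FIELD_y###'`) then takes the `fullQuoteStr()` branch and ends up as `b=''value''`. Because the loop only rewrites the substituted prefix of each part, the character directly before the current marker is still the last character of the previous part, so the condition should read `if (substr($fTWHERE_parts[$kk - 1], -1) === '\'' && $fTWHERE_subpart[1]{0} === '\'') {` (for `$kk === 1` this is the same `$fTWHERE_parts[0]` as now). This presumes the `explode()` that builds `$fTWHERE_parts` splits on the marker prefix, which is outside the hunk and worth confirming. The `{0}` string-offset syntax is deprecated in PHP 7.4 and removed in 8.0; `$fTWHERE_subpart[1][0]` is the equivalent portable form, though that is beyond what this branch targets. The enclosing method starts and ends outside the hunk.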