[SECURITY] Prevent XSS in TER download dialog 63/45263/2
author Nicole Cordes <typo3@cordes.co>
Tue, 15 Dec 2015 10:33:22 +0000 (11:33 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:33:27 +0000 (11:33 +0100)
Due to the json request format during a TER extension installation,
the EM is susceptible to XSS.

Resolves: #71524
Releases: master, 6.2
Security-Commit: f109bf3ef49b88ed8b39e053b285e8f239210136
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: Ib47ec9f715578871d3c1a67aaca2b99d27a07f8e
Reviewed-on: https://review.typo3.org/45263
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/extensionmanager/Resources/Private/Partials/List/UnresolvedDependencies.html

index 58edb4f..4a553e9 100644 (file)
@@ -3,17 +3,17 @@
        <f:for each="{unresolvedDependencies}" key="key" as="messages">
                <f:if condition="{key} == {extension.extensionKey}">
                        <f:for each="{messages}" as="message">
-                               <li>{message.message}</li>
+                               <li>{message.message -> f:format.htmlspecialchars()}</li>
                        </f:for>
                </f:if>
        </f:for>
        <f:for each="{unresolvedDependencies}" key="key" as="messages">
                <f:if condition="{key} != {extension.extensionKey}">
                        <li>
-                               <strong><f:translate key="dependencyCheck.requiredExtension" arguments="{key: key}" /></strong>
+                               <strong>{f:translate(key: 'dependencyCheck.requiredExtension', arguments: {key: key}) -> f:format.htmlspecialchars()}</strong>
                                <ul>
                                        <f:for each="{messages}" as="message">
-                                               <li>{message.message}</li>
+                                               <li>{message.message -> f:format.htmlspecialchars()}</li>
                                        </f:for>
                                </ul>
                        </li>
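Review bot: the escaping is applied to the whole translated heading `{f:translate(key: 'dependencyCheck.requiredExtension', arguments: {key: key}) -> f:format.htmlspecialchars()}`, so if that label ever contains markup it will now render literally; confirm the label is plain text, or escape only the `key` argument before passing it as `arguments`. The three `{message.message -> f:format.htmlspecialchars()}` outputs sit in element text content, where the view helper's default flags (no single-quote escaping) are sufficient; the same call would not be enough if any of these values were later moved into an attribute value or a script context, so a short comment in the partial noting that the messages originate from the JSON response and must stay escaped would help keep the fix from regressing.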