[SECURITY] Page Link Target vulnerable to XSS
author Markus Bucher <markusbucher@gmx.de>
Wed, 15 Aug 2012 10:22:05 +0000 (12:22 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:22:12 +0000 (12:22 +0200)
This patch adds htmlspecialchars to page link target to prevent
XSS.

Change-Id: I5e9f07ec7465cd8658c4761328b394559cf9a53b
Fixes: #32653
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 5de8ebf8a53e744fa9ce06a9e02835c7a637a664
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13773
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/cms/tslib/class.tslib_content.php

index 593672b..7aba126 100644 (file)
@@ -6162,7 +6162,7 @@ class tslib_cObj {
                                                }
 
                                                $this->lastTypoLinkTarget = $LD['target'];
-                                               $targetPart = $LD['target'] ? ' target="' . $LD['target'] . '"' : '';
+                                               $targetPart = $LD['target'] ? ' target="' . htmlspecialchars($LD['target']) . '"' : '';
 
                                                        // If sectionMark is set, there is no baseURL AND the current page is the page the link is to, check if there are any additional parameters or addQueryString parameters and if not, drop the url.
                                                if ($sectionMark && !$GLOBALS['TSFE']->config['config']['baseURL']
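Review bot: the escaping on the `+` line is applied only at the point where `$targetPart` is built, while the line just above it, `$this->lastTypoLinkTarget = $LD['target'];`, still stores the raw, unescaped target value. That is correct for this fix (the stored value is data, the attribute is the output context), but any other code that later emits `lastTypoLinkTarget` into HTML has to call `htmlspecialchars()` itself; a one-line comment next to the assignment saying the property holds the unescaped value would make that contract visible to the next reader. Minor: since the value lands inside a double-quoted attribute, the default `htmlspecialchars()` flags (which escape `"` but not `'`) are sufficient here; if the attribute quoting style is ever changed to single quotes, `ENT_QUOTES` would be needed, so pinning the flags explicitly would make the fix robust to that kind of edit.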