[SECURITY][BUGFIX] Fix a sql injection in beuser
authorGeorg Ringer <georg.ringer@gmail.com>
Fri, 21 Sep 2012 17:09:25 +0000 (19:09 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Fri, 21 Sep 2012 19:24:05 +0000 (21:24 +0200)
Change-Id: Ib6d308b1fe64459beb08f2a53ee1b2cd11386175
Resolves: #41190
Releases: 6.0
Reviewed-on: http://review.typo3.org/14851
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Andy Grunwald
Reviewed-by: Christian Kuhn
Tested-by: Christian Kuhn
typo3/sysext/beuser/Classes/Controller/BackendUserController.php

index 0ddbf3e..ee02ae6 100755 (executable)
@@ -190,7 +190,7 @@ class BackendUserController extends \TYPO3\CMS\Extbase\Mvc\Controller\ActionCont
         * @return void
         */
        protected function terminateBackendUserSessionAction(\TYPO3\CMS\Beuser\Domain\Model\BackendUser $backendUser, $sessionId) {
-               $GLOBALS['TYPO3_DB']->exec_DELETEquery('be_sessions', 'ses_userid = "' . $backendUser->getUid() . '" AND ses_id = "' . $sessionId . '"' . ' LIMIT 1');
+               $GLOBALS['TYPO3_DB']->exec_DELETEquery('be_sessions', 'ses_userid = "' . intval($backendUser->getUid()) . '" AND ses_id = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr($sessionId, 'be_sessions') . ' LIMIT 1');
                if ($GLOBALS['TYPO3_DB']->sql_affected_rows() == 1) {
                        $message = 'Session successfully terminated.';
                        $this->flashMessageContainer->add($message, '', \TYPO3\CMS\Core\Messaging\FlashMessage::OK);
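Review bot: The `ses_userid` term on the added line still wraps the integer in double quotes, `ses_userid = "' . intval(...) . '"`, which is no longer injectable but compares an integer column against a string literal and leans on MySQL's implicit cast; writing the WHERE clause as `'ses_userid = ' . (int)$backendUser->getUid() . ' AND ses_id = ' . $GLOBALS['TYPO3_DB']->fullQuoteStr($sessionId, 'be_sessions') . ' LIMIT 1'` keeps the fix and removes the ambiguity. `fullQuoteStr()` is the right primitive for `$sessionId`, since it arrives untyped through the Extbase action argument and nothing visible validates it; as defence in depth the action could reject values that are not session-id shaped before issuing the DELETE (for example `if (!ctype_alnum($sessionId)) { return; }`), though the exact `ses_id` format cannot be confirmed from this hunk. The `sql_affected_rows() == 1` check on the following context line would be safer as `=== 1`. The body of terminateBackendUserSessionAction continues past the end of the hunk.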