[SECURITY] XSS in validateForm
authorMarkus Bucher <markusbucher@gmx.de>
Wed, 15 Aug 2012 10:19:03 +0000 (12:19 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:19:07 +0000 (12:19 +0200)
Properly quote the form name and field list
for the JavaScript validation

Fixes: #25052
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I98bfef92b5595ab343a49e1cba1d8b2563d1d8aa
Security-Commit: d832f7be6bad577ba0be08a7382b421a433ee07f
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13752
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/cms/tslib/content/class.tslib_content_form.php

index 670c141..d0e58ef 100644 (file)
@@ -838,8 +838,8 @@ class tslib_content_Form extends tslib_content_Abstract {
                        $emailMess = isset($conf['emailMess.'])
                                ? $this->cObj->stdWrap($conf['emailMess'], $conf['emailMess.'])
                                : $conf['emailMess'];
-                       $validateForm = ' onsubmit="return validateForm(\'' . $formName . '\',\'' . implode(',', $fieldlist)
-                               . '\',' . t3lib_div::quoteJSvalue($goodMess) . ',' .
+                       $validateForm = ' onsubmit="return validateForm(' . t3lib_div::quoteJSvalue($formName) . ',' . t3lib_div::quoteJSvalue(implode(',', $fieldlist))
+                               . ',' . t3lib_div::quoteJSvalue($goodMess) . ',' .
                                t3lib_div::quoteJSvalue($badMess) . ',' .
                                t3lib_div::quoteJSvalue($emailMess) . ')"';
                        $GLOBALS['TSFE']->additionalHeaderData['JSFormValidate'] = '<script type="text/javascript" src="' .