* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to...
authorErnesto Baschny <ernst@cron-it.de>
Thu, 22 Oct 2009 08:18:03 +0000 (08:18 +0000)
committerErnesto Baschny <ernst@cron-it.de>
Thu, 22 Oct 2009 08:18:03 +0000 (08:18 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@6238 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/view_help.php

index 7208bb9..3c19e40 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@
        * Fixed bug #11586: Potential SQL injection in frontend editing (thanks to Oliver Klee)
        * Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
        * Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
+       * Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)
 
 2009-10-21  Sebastian Kurfuerst  <sebastian@typo3.org>
 
index 9b1d391..c1a27c9 100644 (file)
@@ -147,6 +147,10 @@ class SC_view_help {
 
                        // Setting GPvars:
                $this->tfID = t3lib_div::_GP('tfID');
+                       // Sanitizes the tfID using whitelisting.
+               if (!preg_match('/^[a-zA-Z0-9_\-\.]*$/', $this->tfID)) {
+                       $this->tfID = '';
+               }
                if (!$this->tfID) {
                        if (($this->ffID = t3lib_div::_GP('ffID'))) {
                                $this->ffID = unserialize(base64_decode($this->ffID));
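Review bot: The whitelist on the new `preg_match` line still lets a trailing newline through, because `$` without the `D` modifier also matches just before a final "\n", so a value like `abc\n` keeps its newline after the check; `if (!preg_match('/^[a-zA-Z0-9_\-\.]*$/D', $this->tfID)) {` (or `\z` instead of `$`) closes that gap. Whether the stray newline matters depends on how tfID is rendered later, which is outside the hunk, but the anchor costs nothing. The check also relies on preg_match returning a falsy value when tfID arrives as an array (`tfID[]=...`), which does reset it to '' but with a PHP warning; testing `preg_match(...) !== 1` makes that intent explicit. The `unserialize(base64_decode(...))` of the ffID request value on the last context line is a pre-existing, separate concern (untrusted input into unserialize) that this commit does not touch and deserves its own follow-up. The enclosing method of SC_view_help starts before the hunk and continues after it.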