[SECURITY] XSS in colorpicker wizard 24/26224/2
authorMarcus Krause <marcus.krause@typo3.org>
Tue, 10 Dec 2013 09:55:10 +0000 (10:55 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 10 Dec 2013 09:55:14 +0000 (10:55 +0100)
Encode user-input in JavaScript context for colorpicker.

Change-Id: I1121d6d20c90e476a2d0ea4f000b180e843a4ce0
Fixes: #42772
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: b6fec0611604ccdce95d4d33cd7dcae0911a5d9a
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26224
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/backend/Classes/Controller/Wizard/ColorpickerController.php

index 7ccd752..d665a13 100644 (file)
@@ -235,7 +235,7 @@ class ColorpickerController {
                        // If the save/close button is clicked, then close:
                        if (GeneralUtility::_GP('save_close')) {
                                $content .= $this->doc->wrapScriptTags('
-                                       setValue(\'' . $this->colorValue . '\');
+                                       setValue(' . GeneralUtility::quoteJSvalue($this->colorValue) . ');
                                        parent.close();
                                ');
                        }
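Review bot: The encoded value is still emitted inside inline script tags by `wrapScriptTags` on the line above, so the fix depends on `GeneralUtility::quoteJSvalue()` also neutralising the `<` and `</script>` sequences that would terminate the script element in HTML context, not only quotes and backslashes; since this is released for 4.5 through 6.2, where that helper has not been identical, a regression test that feeds a colour value containing a single quote and a closing script tag through the wizard and asserts the output stays inside the script block would pin the guarantee across branches. As defence in depth, `$this->colorValue` should be validated where it is assigned (outside this hunk), for example, if the wizard only ever handles `#RRGGBB`, `if (!preg_match('/^#[0-9A-Fa-f]{6}$/', $this->colorValue)) { $this->colorValue = ''; }`, so encoding at output is not the only barrier. Any other place in the controller that renders `$this->colorValue` into HTML markup or attributes, if such a place exists, needs `htmlspecialchars()` for that context rather than `quoteJSvalue()`. The enclosing method begins and ends outside this hunk.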