[SECURITY] Remove TYPO3 version from installer 04/59104/2
authorBenni Mack <benni@typo3.org>
Tue, 11 Dec 2018 09:57:24 +0000 (10:57 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 11 Dec 2018 09:57:26 +0000 (10:57 +0100)
When installing TYPO3, the current version
is shown without any kind of authentication
provided (no FIRST_INSTALL). This information
disclosure is solved.

Resolves: #86254
Releases: master, 8.7, 7.6
Security-Commit: a69d09ab4eabd0474f0191f5daf525d91ebaa32f
Security-Bulletin: TYPO3-CORE-SA-2018-010
Change-Id: Ib8359937716dce4839d76b054b0d0d549bd4aa0c
Reviewed-on: https://review.typo3.org/59104
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/install/Resources/Private/Templates/Installer/MainLayout.html
typo3/sysext/install/Resources/Private/Templates/Layout/MainLayout.html
typo3/sysext/install/Resources/Private/Templates/Login/ShowLogin.html

index 773f2e3..190e7dc 100644 (file)
@@ -1,11 +1,9 @@
-<html xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers" xmlns:i="http://typo3.org/ns/TYPO3/CMS/Install/ViewHelpers" data-namespace-typo3-fluid="true">
+<html xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers" data-namespace-typo3-fluid="true">
 <div class="typo3-install-container">
        <div class="typo3-install-content">
                <div class="typo3-install-content-header">
                        <img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="typo3-install-content-header-logo" />
-                       <h1>
-                               Installing TYPO3 CMS <strong><i:constant name="TYPO3_version" /></strong>
-                       </h1>
+                       <h1>Installing TYPO3 CMS</h1>
                </div>
                <div class="typo3-install-content-progress">
                        <div class="progress t3js-installer-progress">
index 02f6090..7d13607 100644 (file)
@@ -32,7 +32,7 @@
                                        <div class="topbar">
                                                <div class="topbar-header t3js-topbar-header" style="padding-left: 0">
                                                        <div class="topbar-header-site">
-                                                               <a href="" target="_top" title="TYPO3.CMS - 8.7.0-dev">
+                                                               <a href="" target="_top" title="TYPO3.CMS">
                                                                        <span class="topbar-header-site-logo">
                                                                                <img src="{f:uri.resource(path: 'Images/typo3_logo_orange.svg')}" width="22" height="22" title="TYPO3 Content Management System" alt="">
                                                                        </span>
index 79aebc7..12f3ce6 100644 (file)
@@ -3,7 +3,7 @@
 <div class="container">
        <div class="page-header">
                <h1 class="logo-pageheader">
-                       <img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> Site: {siteName} <small>Login to TYPO3 <i:constant name="TYPO3_version" /> Install Tool</small>
+                       <img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> Site: {siteName} <small>Login to TYPO3 Install Tool</small>
                </h1>
        </div>
        <div class="row">