[SECURITY] XSS in validateForm
authorMarkus Bucher <markusbucher@gmx.de>
Wed, 15 Aug 2012 10:21:56 +0000 (12:21 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:22:02 +0000 (12:22 +0200)
Properly quote the form name and field list
for the JavaScript validation

Fixes: #25052
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I328a3a39e3034c55de96d403994a450d9397f389
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13772
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/cms/tslib/content/class.tslib_content_form.php

index 23a6798..35090eb 100644 (file)
@@ -855,8 +855,8 @@ class tslib_content_Form extends tslib_content_Abstract {
                        $emailMess = isset($conf['emailMess.'])
                                ? $this->cObj->stdWrap($conf['emailMess'], $conf['emailMess.'])
                                : $conf['emailMess'];
-                       $validateForm = ' onsubmit="return validateForm(\'' . $formName . '\',\'' . implode(',', $fieldlist)
-                               . '\',' . t3lib_div::quoteJSvalue($goodMess) . ',' .
+                       $validateForm = ' onsubmit="return validateForm(' . t3lib_div::quoteJSvalue($formName) . ',' . t3lib_div::quoteJSvalue(implode(',', $fieldlist))
+                               . ',' . t3lib_div::quoteJSvalue($goodMess) . ',' .
                                t3lib_div::quoteJSvalue($badMess) . ',' .
                                t3lib_div::quoteJSvalue($emailMess) . ')"';
                        $GLOBALS['TSFE']->additionalHeaderData['JSFormValidate'] = '<script type="text/javascript" src="' .