Fixed bug #14858: imageLinkWrap.JSwindow triggers XSS warning or Fails (thanks to...
authorSusanne Moog <typo3@susannemoog.de>
Fri, 16 Jul 2010 16:56:16 +0000 (16:56 +0000)
committerSusanne Moog <typo3@susannemoog.de>
Fri, 16 Jul 2010 16:56:16 +0000 (16:56 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8198 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/cms/tslib/class.tslib_content.php
typo3/sysext/cms/tslib/showpic.php

index 6c3de48..1cc50ff 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-07-16  Susanne Moog  <typo3@susanne-moog.de>
+
+       * Fixed bug #14858: imageLinkWrap.JSwindow triggers XSS warning or Fails (thanks to Jigal van Hemert)
+
 2010-07-16  Xavier Perseguers  <typo3@perseguers.ch>
 
        * Fixed bug #14818: t3lib_db->listQuery() performance (thanks to Caspar Stuebs)
index 5962e6a..e0aeea6 100644 (file)
@@ -3170,21 +3170,33 @@ class tslib_cObj {
                                if ($conf['sample']) {$params.='&sample=1';}
                                if ($conf['alternativeTempPath']) {$params.='&alternativeTempPath='.rawurlencode($conf['alternativeTempPath']);}
 
-                               if ($conf['bodyTag']) {$params.='&bodyTag='.rawurlencode($conf['bodyTag']);}
-                               if ($conf['title']) {$params.='&title='.rawurlencode($conf['title']);}
-                               if ($conf['wrap']) {$params.='&wrap='.rawurlencode($conf['wrap']);}
+                               // includes lines above in cache
+                               $showPicContent = '
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+
+<html>
+<head>
+       <title>' . htmlspecialchars($conf['title'] ? $conf['title'] : 'Image') . '</title>
+       ' . ($conf['title'] ? '' : '<meta name="robots" content="noindex,follow" />') . '
+</head>
+               ' . ($conf['bodyTag'] ? $conf['bodyTag'] : '<body>');
+
+                               $wrapParts = explode('|', $conf['wrap']);
+                               $showPicContent .= trim($wrapParts[0]) . '###IMAGE###' . trim($wrapParts[1]);
+                               $showPicContent .= '
+               </body>
+               </html>';
+                               $contentHash = md5('showpic' . $showPicContent);
+                               t3lib_pageSelect::storeHash($contentHash, $showPicContent, 'showpic');
 
                                $md5_value = md5(
-                                               $imageFile.'|'.
-                                               $conf['width'].'|'.
-                                               $conf['height'].'|'.
-                                               $conf['effects'].'|'.
-                                               $conf['bodyTag'].'|'.
-                                               $conf['title'].'|'.
-                                               $conf['wrap'].'|'.
-                                               $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'].'|');
-
-                               $params.= '&md5='.$md5_value;
+                                               $imageFile . '|' .
+                                               $conf['width'] . '|' .
+                                               $conf['height'] . '|' .
+                                               $conf['effects'] . '||||' .
+                                               $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'] . '|');
+
+                               $params .= '&md5=' . $md5_value . '&contentHash=' . $contentHash;
                                $url = $GLOBALS['TSFE']->absRefPrefix.'index.php?eID=tx_cms_showpic&file='.rawurlencode($imageFile).$params;
                                if ($conf['JSwindow.']['altUrl'] || $conf['JSwindow.']['altUrl.'])      {
                                        $altUrl = $this->stdWrap($conf['JSwindow.']['altUrl'], $conf['JSwindow.']['altUrl.']);
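Review bot: `$contentHash` is appended to the URL at L67 but is not part of `$md5_value`, which now signs only file, width, height and effects with the bodyTag/title/wrap slots left empty (the `'||||'` at L64), so the signature does not bind the cached wrapper to the image parameters and a request with a valid signature can carry any contentHash. Since the md5 check lives in showpic.php outside this hunk, either fold the hash into the signed string on both sides, e.g. `$conf['effects'] . '|' . $contentHash . '|||' .`, or at least have the receiver validate the hash format and restrict the lookup to the 'showpic' ident; whether `getHash()` does that itself is not visible here and worth confirming. Separately, L43 reads `$wrapParts[1]` even when `$conf['wrap']` is empty or has no `|` (explode then returns a single element), which raises a notice; `$wrapParts = explode('|', $conf['wrap']) + array('', '');` keeps the concatenation safe. The comment at L31 does not say what is cached; `// Wrapper HTML (title, bodyTag, wrap) is stored in cache_hash so only its hash travels in the URL` would tell the reader why the three parameters disappeared from `$params`.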
index 9f845e7..3848bc4 100644 (file)
@@ -98,6 +98,9 @@ $TYPO3_DB = t3lib_div::makeInstance('t3lib_DB');
 # NOTICE: ALL LINES above can be commented out since this script is now used via the ?eID=tx_cms_showpic parameter passed to index.php!
 # For backwards compatibility in extensions using showpic.php directly this is kept for the version 4.0 until 4.5 where it is planned removed!
 
+# NOTICE: The script below is still backwards compatible with the situation in 4.4.0 with 4.5 the parts using bodyTag, wrap and title to build
+# the HTML can be removed!
+
 if (!defined ('PATH_typo3conf'))       die ('The configuration path was not properly defined!');
 require_once(PATH_t3lib.'class.t3lib_stdgraphic.php');
 
@@ -128,6 +131,7 @@ class SC_tslib_showpic {
        var $title;
        var $wrap;
        var $md5;
+       var $contentHash;
 
        /**
         * Init function, setting the input vars in the global space.
@@ -147,6 +151,7 @@ class SC_tslib_showpic {
                $this->title = t3lib_div::_GP('title');
                $this->wrap = t3lib_div::_GP('wrap');
                $this->md5 = t3lib_div::_GP('md5');
+               $this->contentHash = t3lib_div::_GP('contentHash');
 
                // ***********************
                // Check parameters
@@ -171,6 +176,27 @@ class SC_tslib_showpic {
                        die('Parameter Error: Wrong parameters sent.');
                }
 
+                       // Need to connect to database, because this is used (typo3temp_db_tracking, cached image dimensions).
+               $GLOBALS['TYPO3_DB']->sql_pconnect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password);
+               $GLOBALS['TYPO3_DB']->sql_select_db(TYPO3_db);
+               if (TYPO3_UseCachingFramework) {
+                       $GLOBALS['typo3CacheManager'] = t3lib_div::makeInstance('t3lib_cache_Manager');
+                       $GLOBALS['typo3CacheFactory'] = t3lib_div::makeInstance('t3lib_cache_Factory');
+                       $GLOBALS['typo3CacheFactory']->setCacheManager($GLOBALS['typo3CacheManager']);
+
+                       t3lib_cache::initPageCache();
+                       t3lib_cache::initPageSectionCache();
+                       t3lib_cache::initContentHashCache();
+               }
+
+                       // Check for the new content cache hash
+               if (strlen(t3lib_div::_GP('contentHash')) > 0) {
+                       $this->content = t3lib_pageSelect::getHash($this->contentHash);
+                       if (is_null($this->content)) {
+                               die('Parameter Error: Content not available.');
+                       }
+               }
+
                // ***********************
                // Check the file. If must be in a directory beneath the dir of this script...
                // $this->file remains unchanged, because of the code in stdgraphic, but we do check if the file exists within the current path
@@ -202,10 +228,6 @@ class SC_tslib_showpic {
                        $img->tempPath = $this->alternativeTempPath;
                }
 
-               // Need to connect to database, because this is used (typo3temp_db_tracking, cached image dimensions).
-               $GLOBALS['TYPO3_DB']->sql_pconnect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password);
-               $GLOBALS['TYPO3_DB']->sql_select_db(TYPO3_db);
-
                if (strstr($this->width.$this->height, 'm')) {$max='m';} else {$max='';}
 
                $this->height = t3lib_div::intInRange($this->height,0);
@@ -213,9 +235,14 @@ class SC_tslib_showpic {
                if ($this->frame)       {$this->frame = intval($this->frame);}
                $imgInfo = $img->imageMagickConvert($this->file,'web',$this->width.$max,$this->height,$img->IMparams($this->effects),$this->frame,'');
 
-                       // Create HTML output:
-               $this->content='';
-               $this->content.='
+               if (strlen($this->content) > 0) {
+                               // insert image in cached HTML content
+                       if (is_array($imgInfo)) {
+                               $this->content = str_replace('###IMAGE###', $img->imgTag($imgInfo), $this->content);
+                       }
+               } else {
+                               // Create HTML output:
+                       $this->content .= '
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
 
 <html>
@@ -225,13 +252,14 @@ class SC_tslib_showpic {
 </head>
                '.($this->bodyTag ? $this->bodyTag : '<body>');
 
-               if (is_array($imgInfo)) {
-                       $wrapParts = explode('|',$this->wrap);
-                       $this->content.=trim($wrapParts[0]).$img->imgTag($imgInfo).trim($wrapParts[1]);
-               }
-               $this->content.='
+                       if (is_array($imgInfo)) {
+                               $wrapParts = explode('|', $this->wrap);
+                               $this->content .= trim($wrapParts[0]) . $img->imgTag($imgInfo) . trim($wrapParts[1]);
+                       }
+                       $this->content .= '
                </body>
                </html>';
+               }
        }
 
        /**
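Review bot: The `contentHash` parameter reaches `t3lib_pageSelect::getHash()` at L117 without any format check and is not covered by the md5 parameter check that precedes it at L98-100, so whatever row `getHash()` returns for a caller-chosen key is emitted as the page body; whether it restricts the lookup to the 'showpic' ident is not visible here and should be confirmed. A cheap guard before the lookup: `if (!preg_match('/^[a-f0-9]{32}$/', $this->contentHash)) { die('Parameter Error: Wrong parameters sent.'); }`. The condition at L116 re-reads `t3lib_div::_GP('contentHash')` although the value was already stored in `$this->contentHash` at L94; test the property so the two cannot drift. In the output hunk, when `$this->content` is non-empty but `$imgInfo` is not an array (L146-148), the literal `###IMAGE###` placeholder is left in the cached HTML and sent to the browser, and `$this->content` is never initialised on the non-cached path now that L142 is gone, so the `.=` at L151 relies on the property defaulting to null. The `init()` body continues on both sides of the L98 hunk.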