[SECURITY] Page Link Target vulnerable to XSS
author Markus Bucher <markusbucher@gmx.de>
Wed, 15 Aug 2012 10:19:10 +0000 (12:19 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:19:15 +0000 (12:19 +0200)
This patch adds htmlspecialchars to page link target to prevent
XSS.

Change-Id: I9e1ab1ac22c7bc1225f1d3d3234865e1e603656b
Fixes: #32653
Releases: 6.0, 4.7, 4.6, 4.5
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13753
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/cms/tslib/class.tslib_content.php

index 132caa6..72d504f 100644
@@ -5870,7 +5870,7 @@ class tslib_cObj {
                                                }
 
                                                $this->lastTypoLinkTarget = $LD['target'];
-                                               $targetPart = $LD['target'] ? ' target="' . $LD['target'] . '"' : '';
+                                               $targetPart = $LD['target'] ? ' target="' . htmlspecialchars($LD['target']) . '"' : '';
 
                                                        // If sectionMark is set, there is no baseURL AND the current page is the page the link is to, check if there are any additional parameters or addQueryString parameters and if not, drop the url.
                                                if ($sectionMark && !$GLOBALS['TSFE']->config['config']['baseURL']
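Review bot: The escaping is applied only at the point of output into the `target="..."` attribute, while the line immediately above still stores the raw value in `$this->lastTypoLinkTarget = $LD['target'];`. That is acceptable as long as every consumer of `lastTypoLinkTarget` treats it as untrusted and escapes it itself when emitting HTML; it would be worth adding a short comment on that assignment saying the property holds the unescaped target so later readers do not assume it is safe to concatenate into markup. Note also that `htmlspecialchars()` with its default flags escapes `"`, `<`, `>` and `&` but not `'`, which is sufficient here only because the attribute value is wrapped in double quotes; if the quoting style of this attribute ever changes, `ENT_QUOTES` would be needed.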