Fixed bug #15254: Extension Manager allows to edit arbitrary files if noEdit flag...
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:07:41 +0000 (09:07 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:07:41 +0000 (09:07 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8390 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/em/mod1/class.em_index.php

index 2e90add..1217724 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,7 @@
        * Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)
        * Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer)
        * Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
+       * Fixed bug #15254: Extension Manager allows to edit arbitrary files if noEdit flag is not set (thanks to Helmut Hummel)
 
 2010-07-27  Steffen Kamper  <steffen@typo3.org>
 
index a189556..d15b979 100644 (file)
@@ -2305,7 +2305,7 @@ EXTENSION KEYS:
 
                                // Editing extension file:
                                $editFile = $this->CMD['editFile'];
-                               if (t3lib_div::isFirstPartOfStr($editFile,PATH_site) && t3lib_div::isFirstPartOfStr($editFile,$absPath))        {       // Paranoia...
+                               if (t3lib_div::isAllowedAbsPath($editFile) && t3lib_div::isFirstPartOfStr($editFile, $absPath)) {
 
                                        $fI = t3lib_div::split_fileref($editFile);
                                        if (@is_file($editFile) && t3lib_div::inList($this->editTextExtensions,($fI['fileext']?$fI['fileext']:$fI['filebody'])))        {
@@ -2401,7 +2401,7 @@ EXTENSION KEYS:
                                        }
                                } else {
                                        die (sprintf($GLOBALS['LANG']->getLL('ext_details_fatal_edit_error'),
-                                                       $editFile
+                                                       htmlspecialchars($editFile)
                                                )
                                        );
                                }
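Review bot: The `t3lib_div::isFirstPartOfStr($editFile, $absPath)` test kept on the new condition line (hunk at @@ -2305) is a plain string-prefix comparison, so it only confines editing to the extension directory if `$absPath` ends with a directory separator; `$absPath` is assigned outside the hunk, so that should be confirmed, and `t3lib_div::isFirstPartOfStr($editFile, rtrim($absPath, '/') . '/')` would make it independent of the caller. `isAllowedAbsPath()` replaces the earlier PATH_site prefix test and, provided it also rejects `..` segments in this release (the core helper does so via its path-validity check, worth confirming), closes the traversal the bug report describes; since the removed `// Paranoia...` comment was the only hint of intent, a comment such as `// isAllowedAbsPath() rejects '..' segments, so the prefix test against $absPath is sufficient` would preserve it. The `@is_file($editFile)` on the following line still runs against the raw request value; the enclosing method begins and ends outside both hunks.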