Fixed bug #15735: FORM content object is susceptible to XSS (thanks to Benjamin Mack)
authorOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:40:06 +0000 (13:40 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 16 Dec 2010 13:40:06 +0000 (13:40 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-3@9785 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/cms/tslib/class.tslib_content.php

index 37cbc60..f6fca3c 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@
        * Fixed bug #16590: t3lib_TSparser::checkIncludeLines() does not check files to be included (thanks to Fabrizio Branca)
        * Fixed bug #15737: quoteStrForLike does not properly escape strings in sql_mode NO_BACKSLASH_ESCAPES
        * Fixed bug #16653: SQL injection problem in class.db_list.inc (thanks to Jigal van Hemert)
+       * Fixed bug #15735: FORM content object is susceptible to XSS (thanks to Benjamin Mack)
 
 2010-12-01  Oliver Hader  <oliver@typo3.org>
 
index 492ccb6..7734279 100644 (file)
@@ -1809,7 +1809,7 @@ class tslib_cObj {
                        }
                        if ($val && strcspn($val,'#/')) {
                                        // label:
-                               $confData['label'] = trim($parts[0]);
+                               $confData['label'] = t3lib_div::removeXSS(trim($parts[0]));
                                        // field:
                                $fParts = explode(',',$parts[1]);
                                $fParts[0]=trim($fParts[0]);
@@ -1835,6 +1835,7 @@ class tslib_cObj {
                                } else {
                                        $confData['fieldname'] = str_replace(' ','_',trim($typeParts[0]));
                                }
+                               $confData['fieldname'] = htmlspecialchars($confData['fieldname']);
                                $fieldCode='';
 
                                if ($conf['wrapFieldName'])     {
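Review bot: The label fix on the `$confData['label'] = t3lib_div::removeXSS(trim($parts[0]));` line relies on a blacklist filter, which is a weaker guarantee than the output encoding the second hunk applies to `fieldname`; unless labels are meant to carry markup, encoding for the HTML context at the point of emission (`htmlspecialchars($confData['label'], ENT_QUOTES)`) is the more reliable mitigation, and if markup is intended a comment should say so, since otherwise the next maintainer may assume the value is already safe for attribute context. In the second hunk, `htmlspecialchars($confData['fieldname'])` without `ENT_QUOTES` leaves single quotes unencoded, so this only holds if every place the name is emitted uses double-quoted attributes; passing `ENT_QUOTES` explicitly removes that dependency. Encoding the stored value rather than at output also deserves a one-line comment such as `// fieldname is HTML-encoded here because it is written into attribute values below`, because the rest of the method is outside both hunks and it is unclear from here whether the value is reused elsewhere (e.g. as a lookup key). The enclosing method begins and ends outside the hunks shown.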