[SECURITY] Prevent XSS in TER download dialog 75/45275/2
author: Nicole Cordes <typo3@cordes.co>
Tue, 15 Dec 2015 10:36:13 +0000 (11:36 +0100)
committer: Oliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:36:19 +0000 (11:36 +0100)
Due to the json request format during a TER extension installation,
the EM is susceptible to XSS.

Resolves: #71524
Releases: master, 6.2
Security-Commit: 45f7ec93279bff9cbbde1d76a5947b73adce81ab
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I0e555c4e711c2d3f956b74ca53b0c0534c131724
Reviewed-on: https://review.typo3.org/45275
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/extensionmanager/Resources/Private/Partials/List/UnresolvedDependencies.html

index 48ac8d6..8434b4c 100644
@@ -3,17 +3,17 @@
        <f:for each="{unresolvedDependencies}" key="key" as="messages">
                <f:if condition="{key} == {extension.extensionKey}">
                        <f:for each="{messages}" as="message">
-                               <li>{message.message}</li>
+                               <li>{message.message -> f:format.htmlspecialchars()}</li>
                        </f:for>
                </f:if>
        </f:for>
        <f:for each="{unresolvedDependencies}" key="key" as="messages">
                <f:if condition="{key} != {extension.extensionKey}">
                        <li>
-                               <strong><f:translate key="dependencyCheck.requiredExtension" arguments="{key: key}" /></strong>
+                               <strong>{f:translate(key: 'dependencyCheck.requiredExtension', arguments: {key: key}) -> f:format.htmlspecialchars()}</strong>
                                <ul>
                                        <f:for each="{messages}" as="message">
-                                               <li>{message.message}</li>
+                                               <li>{message.message -> f:format.htmlspecialchars()}</li>
                                        </f:for>
                                </ul>
                        </li>
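Review bot: On the `<strong>` line, `{f:translate(key: 'dependencyCheck.requiredExtension', arguments: {key: key}) -> f:format.htmlspecialchars()}` escapes the translated string only after `key` has been substituted into it, so the extension key (taken from the keys of `{unresolvedDependencies}`, which the commit message ties to the TER JSON response) is neutralised, but any markup the `dependencyCheck.requiredExtension` label itself might carry is escaped along with it; please confirm the label is plain text in the language file, or escape `key` before handing it to `arguments`. Piping `{message.message}` through `f:format.htmlspecialchars()` in both `<li>` bodies is the right layer for element content, where the view helper's default flags are sufficient; if either value is ever reused inside an attribute, the quote handling needs checking separately. The comparisons `{key} == {extension.extensionKey}` and `{key} != {extension.extensionKey}` in the two `f:if` conditions are never rendered and need no escaping. As an unrelated follow-up, the two `f:for` loops over the same `{unresolvedDependencies}` could be collapsed into one loop with an `f:if` then/else branch.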