Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:07:02 +0000 (09:07 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:07:02 +0000 (09:07 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8385 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/indexed_search/mod/index.php
typo3/sysext/indexed_search/modfunc1/class.tx_indexedsearch_modfunc1.php

index 831e1df..2e90add 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,7 @@
        * Fixed bug #12458: Session fixation possibility in new sesion machanism of the install tool (thanks to Benjamin Mack, Helmut Hummel and Ernesto Baschny)
        * Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)
        * Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer)
+       * Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
 
 2010-07-27  Steffen Kamper  <steffen@typo3.org>
 
index ee47bc6..9271a42 100755 (executable)
@@ -451,7 +451,7 @@ class SC_mod_tools_isearch_index {
        function formatCHash($arr)      {
                $list = array();
                foreach ($arr as $k => $v) {
-                       $list[] = $k . '=' . $v;
+                       $list[] = htmlspecialchars($k) . '=' . htmlspecialchars($v);
                }
                return implode('<br />', $list);
        }
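Review bot: The escaping added on the `$list[]` line relies on htmlspecialchars' default flags, which leave single quotes unescaped, so the fragment formatCHash returns is only safe as element content; the caller is not visible here, and passing ENT_QUOTES keeps the string safe if it is ever placed in an attribute, `$list[] = htmlspecialchars($k, ENT_QUOTES) . '=' . htmlspecialchars($v, ENT_QUOTES);`. The method has no docblock in the hunk, and since it now returns escaped HTML the contract should be stated so a later caller does not escape it a second time, e.g. `/** Renders the cHash parameter array as escaped HTML, one key=value pair per line; the result must not be escaped again. */` above the signature. If `$arr` can ever carry a non-scalar value, htmlspecialchars emits a warning and yields null for that entry, so a `(string)` cast or an `is_scalar()` guard would make the assumption explicit.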
index 1c4ade0..178b0d1 100755 (executable)
@@ -264,7 +264,7 @@ class tx_indexedsearch_modfunc1 extends t3lib_extobjbase {
                        $code.= $this->indexed_info(
                                                $data['row'],
                                                $data['HTML'].
-                                                       $this->showPageDetails(t3lib_div::fixed_lgd_cs($data['row']['title'], 20),$data['row']['uid'])
+                                                       $this->showPageDetails(t3lib_BEfunc::getRecordTitlePrep($data['row']['title']), $data['row']['uid'])
                                        );
                }
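Review bot: The replacement on the `showPageDetails` line drops the explicit 20-character crop that `fixed_lgd_cs` applied; `getRecordTitlePrep` appears to fall back to the backend user's configured title length when none is given, so the column may render wider than before — if the fixed width matters for this list, pass it as the second argument, `t3lib_BEfunc::getRecordTitlePrep($data['row']['title'], 20)`. The second argument, `$data['row']['uid']`, still reaches showPageDetails unescaped; it is presumably an integer read from the database, and an `(int)` cast would make that assumption visible at the call site. The enclosing method begins and ends outside the hunk.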