Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer)
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:59:44 +0000 (08:59 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:59:44 +0000 (08:59 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8358 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/tstemplate_analyzer/class.tx_tstemplateanalyzer.php

index 0dee93c..3a482f5 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,7 @@
        * Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
        * Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
        * Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
+       * Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer)
 
 2010-07-27  Steffen Kamper  <steffen@typo3.org>
 
index 48fdd8b..ba75f08 100644 (file)
@@ -166,14 +166,14 @@ class tx_tstemplateanalyzer extends t3lib_extobjbase {
                                reset($tmpl->clearList_const);
                                foreach ($tmpl->constants as $key => $val) {
                                        $cVal = current($tmpl->clearList_const);
-                                       if ($cVal == t3lib_div::_GET('template') || t3lib_div::_GET('template') == "all")       {
+                                       if ($cVal == t3lib_div::_GET('template') || t3lib_div::_GET('template') == 'all') {
                                                $theOutput .= '
                                                        <tr>
-                                                               <td><img src="clear.gif" width="3" height="1" /></td><td class="bgColor2"><strong>' . $tmpl->templateTitles[$cVal] . '</strong></td></tr>
+                                                               <td><img src="clear.gif" width="3" height="1" /></td><td class="bgColor2"><strong>' . htmlspecialchars($tmpl->templateTitles[$cVal]) . '</strong></td></tr>
                                                        <tr>
                                                                <td><img src="clear.gif" width="3" height="1" /></td>
-                                                               <td class="bgColor2"><table border=0 cellpadding=0 cellspacing=0 class="bgColor0" width="100%"><tr><td nowrap>' .
-                                                               $tmpl->ext_outputTS(array($val), $this->pObj->MOD_SETTINGS["ts_analyzer_checkLinenum"], $this->pObj->MOD_SETTINGS["ts_analyzer_checkComments"], $this->pObj->MOD_SETTINGS["ts_analyzer_checkCrop"], $this->pObj->MOD_SETTINGS["ts_analyzer_checkSyntax"], $this->pObj->MOD_SETTINGS["ts_analyzer_checkSyntaxBlockmode"]) .
+                                                               <td class="bgColor2"><table border="0" cellpadding="0" cellspacing="0" class="bgColor0" width="100%"><tr><td nowrap="nowrap">' .
+                                                               $tmpl->ext_outputTS(array($val), $this->pObj->MOD_SETTINGS['ts_analyzer_checkLinenum'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkComments'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkCrop'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkSyntax'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkSyntaxBlockmode']) .
                                                                '</td></tr></table>
                                                                </td>
                                                        </tr>
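Review bot: The escaping added around `$tmpl->templateTitles[$cVal]` covers only the template title; the TypoScript text returned by `$tmpl->ext_outputTS(...)` two lines later is still concatenated into `$theOutput` unescaped, so this hunk is only safe if that method (defined outside this file) HTML-encodes the constants itself — worth confirming, since constants come from the same editable template records as the title. `htmlspecialchars()` is called with default flags here, which is adequate for element content inside `<strong>` but would need `ENT_QUOTES` (and an explicit charset) if the title were ever emitted inside an attribute. The cosmetic changes (`border=0` → `border="0"`, double → single quotes) are bundled into a security fix, which makes backporting the one-line change to older branches noisier than necessary. The enclosing `foreach` body continues outside the hunk.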
@@ -204,13 +204,13 @@ class tx_tstemplateanalyzer extends t3lib_extobjbase {
 
                                reset($tmpl->clearList_setup);
                                foreach ($tmpl->config as $key => $val) {
-                                       if (current($tmpl->clearList_setup) == t3lib_div::_GET('template') || t3lib_div::_GET('template') == "all")     {
+                                       if (current($tmpl->clearList_setup) == t3lib_div::_GET('template') || t3lib_div::_GET('template') == 'all') {
                                                $theOutput .= '
                                                        <tr>
-                                                               <td><img src="clear.gif" width="3" height="1" /></td><td class="bgColor2"><strong>' . $tmpl->templateTitles[current($tmpl->clearList_setup)] . '</strong></td></tr>
+                                                               <td><img src="clear.gif" width="3" height="1" /></td><td class="bgColor2"><strong>' . htmlspecialchars($tmpl->templateTitles[current($tmpl->clearList_setup)]) . '</strong></td></tr>
                                                        <tr>
                                                                <td><img src="clear.gif" width="3" height="1" /></td>
-                                                               <td class="bgColor2"><table border=0 cellpadding=0 cellspacing=0 class="bgColor0" width="100%"><tr><td nowrap>'.$tmpl->ext_outputTS(array($val),$this->pObj->MOD_SETTINGS["ts_analyzer_checkLinenum"],$this->pObj->MOD_SETTINGS["ts_analyzer_checkComments"],$this->pObj->MOD_SETTINGS["ts_analyzer_checkCrop"],$this->pObj->MOD_SETTINGS["ts_analyzer_checkSyntax"],$this->pObj->MOD_SETTINGS["ts_analyzer_checkSyntaxBlockmode"]).'</td></tr></table>
+                                                               <td class="bgColor2"><table border="0" cellpadding="0" cellspacing="0" class="bgColor0" width="100%"><tr><td nowrap="nowrap">'.$tmpl->ext_outputTS(array($val),$this->pObj->MOD_SETTINGS['ts_analyzer_checkLinenum'],$this->pObj->MOD_SETTINGS['ts_analyzer_checkComments'],$this->pObj->MOD_SETTINGS['ts_analyzer_checkCrop'],$this->pObj->MOD_SETTINGS['ts_analyzer_checkSyntax'],$this->pObj->MOD_SETTINGS['ts_analyzer_checkSyntaxBlockmode']).'</td></tr></table>
                                                                </td>
                                                        </tr>
                                                ';
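Review bot: `t3lib_div::_GET('template')` is evaluated twice on every iteration in the `foreach` condition, and the loose `==` against `current($tmpl->clearList_setup)` makes the match depend on PHP's string/number juggling; hoisting the parameter once before the loop, `$selectedTemplate = t3lib_div::_GET('template');`, and — if `clearList_setup` holds plain uids — comparing with `(string)current($tmpl->clearList_setup) === $selectedTemplate || $selectedTemplate === 'all'` would be clearer and avoids re-reading the request per iteration. `current($tmpl->clearList_setup)` is likewise read twice per iteration (condition and array index) and the same local could serve both. The `htmlspecialchars()` added around the title mirrors the constants hunk, but as there the `ext_outputTS()` result on the following line is emitted unescaped and relies on that method escaping the setup text itself. The `foreach` body continues past the end of the hunk.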