[SECURITY] XSS in validateForm
authorMarkus Bucher <markusbucher@gmx.de>
Wed, 15 Aug 2012 10:17:55 +0000 (12:17 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:17:58 +0000 (12:17 +0200)
Properly quote the form name and field list
for the JavaScript validation

Fixes: #25052
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I01527117c20e25963951502c2277b853f683fe04
Security-Commit: 20a6486d3027f474fb2352668cdb0fbee5f251f3
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13742
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/cms/tslib/content/class.tslib_content_form.php

index 3f8742a..0d0230c 100644 (file)
@@ -839,8 +839,8 @@ class tslib_content_Form extends tslib_content_Abstract {
                        $emailMess = isset($conf['emailMess.'])
                                ? $this->cObj->stdWrap($conf['emailMess'], $conf['emailMess.'])
                                : $conf['emailMess'];
-                       $validateForm = ' onsubmit="return validateForm(\'' . $formName . '\',\'' . implode(',', $fieldlist)
-                               . '\',' . t3lib_div::quoteJSvalue($goodMess) . ',' .
+                       $validateForm = ' onsubmit="return validateForm(' . t3lib_div::quoteJSvalue($formName) . ',' . t3lib_div::quoteJSvalue(implode(',', $fieldlist))
+                               . ',' . t3lib_div::quoteJSvalue($goodMess) . ',' .
                                t3lib_div::quoteJSvalue($badMess) . ',' .
                                t3lib_div::quoteJSvalue($emailMess) . ')"';
                        $GLOBALS['TSFE']->additionalHeaderData['JSFormValidate'] = '<script type="text/javascript" src="' .