[!!!][SECURITY] XSS in filelink element
authorGeorg Ringer <mail@ringerge.org>
Wed, 28 Mar 2012 11:56:54 +0000 (13:56 +0200)
committerOliver Hader <oliver@typo3.org>
Wed, 28 Mar 2012 11:56:56 +0000 (13:56 +0200)
Add escaping to the description and file name of the file link content element.
Warning: HTML is no longer possible in the description!

Change-Id: Id9da65e927080db4e548811f9a82e0cf7e88e214
Fixes: #25246
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Review: http://review.typo3.org/7236
Security-Commit: a4006c10b5ac505a951131bbe3166a4271c62268
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10038
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/css_styled_content/pi1/class.tx_cssstyledcontent_pi1.php
typo3/sysext/css_styled_content/static/v3.8/setup.txt
typo3/sysext/css_styled_content/static/v3.9/setup.txt
typo3/sysext/css_styled_content/static/v4.2/setup.txt
typo3/sysext/css_styled_content/static/v4.3/setup.txt
typo3/sysext/css_styled_content/static/v4.4/setup.txt
typo3/sysext/css_styled_content/static/v4.5/setup.txt
typo3/sysext/css_styled_content/static/v4.6/setup.txt

index a8a6dd8..b378f76 100755 (executable)
@@ -1244,7 +1244,7 @@ class tx_cssstyledcontent_pi1 extends tslib_pibase {
                        $linkText = substr($linkText, 0, $pos);
                }
                $links[1] = str_replace(
-                       '>' . $fileName . '<', '>' . $linkText . '<', $links[1]
+                       '>' . $fileName . '<', '>' . htmlspecialchars($linkText) . '<', $links[1]
                );
                return $links;
        }
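Review bot: The `str_replace` needle on the line above the fix is still the raw `'>' . $fileName . '<'`, so the escaped `$linkText` is only inserted when the link renderer left the file name verbatim inside the anchor; a name containing `&`, `<` or `>` that the renderer had already escaped would not match and the anchor text would fall through unchanged. A comment stating that expectation would help, e.g. `// Needle must equal the renderer's literal anchor text; if the renderer escapes the name this replacement is a no-op.` The `substr()` at the top of the hunk truncates by bytes, and `htmlspecialchars()` on a string cut inside a multibyte sequence can return an empty string on some PHP versions, which would blank the link text rather than weaken the escaping; a multibyte-safe truncation (the `$pos` computation sits above the hunk) would avoid that. The enclosing method begins before this hunk.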
index d411764..ad4ea30 100644 (file)
@@ -585,6 +585,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
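Review bot: The new `htmlSpecialChars = 1` only reaches sites that render the upload description through these shipped static templates; a site that has copied `tt_content.uploads` into its own TypoScript keeps the unescaped output, and the commit message does not say so. Consider extending the description's warning with a sentence such as `Sites overriding tt_content.uploads in their own TypoScript must add htmlSpecialChars = 1 to the description stdWrap themselves.` The same line is added in the v3.9, v4.2, v4.3, v4.4, v4.5 and v4.6 setup files below. Since stdWrap applies `htmlSpecialChars` before `wrap` in its fixed order, the `<p class="csc-uploads-description">` wrapper itself stays intact.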
index 52d2175..e4d4f14 100644 (file)
@@ -678,6 +678,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
index 296415b..084b579 100644 (file)
@@ -694,6 +694,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
index b372179..dcb40dd 100644 (file)
@@ -862,6 +862,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
index f634319..1915d96 100644 (file)
@@ -869,6 +869,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
@@ -1768,4 +1769,3 @@ plugin.tx_cssstyledcontent._CSS_DEFAULT_STYLE (
        /* Fix for unordered and ordered list with image "In text, left" */
        .csc-textpic-intext-left ol, .csc-textpic-intext-left ul {padding-left: 40px; overflow: auto; }
 )
-
index 695937a..799bfea 100644 (file)
@@ -874,6 +874,7 @@ tt_content.uploads {
                        20.2 {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
+                               htmlSpecialChars = 1
                                required = 1
                        }
 
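Review bot: `htmlSpecialChars = 1` is inserted before `required = 1` in this v4.5 hunk, whereas every other setup file in this commit places it after; stdWrap executes its functions in a fixed internal order, so the placement is cosmetic, but matching the other six copies keeps the change identical across files and easier to audit. Move the added line below `required = 1`.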
@@ -1834,4 +1835,3 @@ plugin.tx_cssstyledcontent._CSS_DEFAULT_STYLE (
        /* Fix for unordered and ordered list with image "In text, left" */
        .csc-textpic-intext-left ol, .csc-textpic-intext-left ul {padding-left: 40px; overflow: auto; }
 )
-
index 5a2c413..fb6b7e0 100644 (file)
@@ -879,6 +879,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT