Fixed bug #11618: XSS vulnerability in install tool / BE login (thanks to Georg Ringer)
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:53:51 +0000 (08:53 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:53:51 +0000 (08:53 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8328 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/index.php
typo3/sysext/install/mod/class.tx_install.php
typo3/template.php

index 9ae5d11..8eb0bd6 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,7 @@
        * Fixed bug #14953: XSS in (new) taskcenter (thanks to Georg Ringer)
        * Fixed bug #14978: XSS in file tree (thanks to Georg Ringer)
        * Fixed bug #13292: TYPO3 error message reveals path to web root (thanks to Xavier Perseguers)
+       * Fixed bug #11618: XSS vulnerability in install tool / BE login (thanks to Georg Ringer)
 
 2010-07-27  Steffen Kamper  <steffen@typo3.org>
 
index 1b206f8..44a0c5b 100644 (file)
@@ -211,7 +211,7 @@ class SC_index {
                }
 
                        // Starting page:
-               $this->content.=$TBE_TEMPLATE->startPage('TYPO3 Login: '.$TYPO3_CONF_VARS['SYS']['sitename']);
+               $this->content .= $TBE_TEMPLATE->startPage('TYPO3 Login: ' . htmlspecialchars($TYPO3_CONF_VARS['SYS']['sitename']));
 
                        // Add login form:
                $this->content.=$this->wrapLoginForm($loginForm);
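Review bot: The escaped title on the `+` line is passed to `$TBE_TEMPLATE->startPage()`, and if startPage (or the page renderer it delegates to) already runs htmlspecialchars() over the `<title>` text, the site name ends up double-encoded and `&amp;lt;` appears literally in the browser title; startPage is outside this diff, so that should be checked before merging. Escaping once at the sink that writes the HTML would also cover the other callers of startPage that pass titles built from record data, instead of relying on each caller to remember. Note that the default htmlspecialchars() flags leave single quotes untouched, which is fine for element content like `<title>` but not for a single-quoted attribute. The enclosing method starts and ends outside the hunk.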
@@ -343,7 +343,7 @@ class SC_index {
                        'SITELINK'         => '<a href="/">###SITENAME###</a>',
 
                                // global variables will now be replaced (at last)
-                       'SITENAME'         => $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']
+                       'SITENAME'         => htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'])
                );
                return t3lib_parsehtml::substituteMarkerArray($mainContent, $markers, '###|###');
        }
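Review bot: Escaping `SITENAME` when the marker array is built (the `+` line) is only sufficient where the login template places `###SITENAME###` in element content; htmlspecialchars() with its default flags does not escape single quotes, so a placement inside a single-quoted attribute or an inline script in the template would remain injectable. The template itself is not in the diff, so this is worth confirming rather than assuming. The `SITELINK` value a few lines above embeds the same marker, so it appears to rely on this one substitution as well, which is consistent as long as it too lands in element content.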
index 882d55d..2905a3e 100755 (executable)
@@ -471,7 +471,7 @@ REMOTE_ADDR was '".t3lib_div::getIndpEnv('REMOTE_ADDR')."' (".t3lib_div::getIndp
                        // Define the markers content
                $markers = array(
                        'siteName' => 'Site: ' .
-                               $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'],
+                               htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']),
                        'headTitle' => 'Login to TYPO3 ' . TYPO3_version . ' Install Tool',
                        'redirectUrl' => htmlspecialchars($redirect_url),
                        'enterPassword' => 'Password',
@@ -7632,7 +7632,7 @@ $out="
                } else {
                        $this->markers['headTitle'] = '
                                TYPO3 ' . TYPO3_version . '
-                               Install Tool on site: ' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '
+                               Install Tool on site: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']) . '
                        ';
                }
                $this->markers['title'] = 'TYPO3 ' . TYPO3_version;
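Review bot: Only the `else` branch of this `if`/`else` is in the hunk; the `if` branch that assigns `$this->markers['headTitle']` above line 7632 is outside the diff, and if it also interpolates the site name or another configuration-derived string it needs the same `htmlspecialchars()` call, otherwise the fix covers one of two code paths. The `title` marker on the last context line is built only from the `TYPO3_version` constant and needs nothing. The enclosing method starts and ends outside the hunk.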
index 84a3d58..01d1bf8 100644 (file)
@@ -2191,7 +2191,7 @@ $str.=$this->docBodyTagBegin().
                        $title = t3lib_BEfunc::getRecordTitle('pages', $pageRecord);
                } else {        // On root-level of page tree
                                // Make Icon
-                       $iconImg = t3lib_iconWorks::getSpriteIcon('apps-pagetree-root', array('title' => $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']));
+                       $iconImg = t3lib_iconWorks::getSpriteIcon('apps-pagetree-root', array('title' => htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'])));
                        if($BE_USER->user['admin']) {
                                $theIcon = $GLOBALS['SOBE']->doc->wrapClickMenuOnIcon($iconImg, 'pages', 0);
                        } else {
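Review bot: `htmlspecialchars()` is applied to the `title` attribute value before it reaches `t3lib_iconWorks::getSpriteIcon()`, which assembles the tag from that attribute array; if the builder already escapes attribute values this double-encodes, and if it does not, every other caller passing record-derived titles is still exposed. Escaping once where the attribute string is assembled inside t3lib_iconWorks would fix all call sites at once; that class is outside this diff, so confirm which case applies before settling on the call-site fix. The enclosing method starts before the hunk and continues after it.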