[SECURITY] XSS in colorpicker wizard 83/26183/2
authorAnja Leichsenring <aleichsenring@ab-softlab.de>
Tue, 10 Dec 2013 09:51:23 +0000 (10:51 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 10 Dec 2013 09:51:28 +0000 (10:51 +0100)
Encode user input placed in a JavaScript context by the colorpicker wizard.

Change-Id: Ia5d181bb74f3cbe2d2b7c75097655f9c7593b70d
Fixes: #42772
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 9fba6ded6247aaa74b974daf1c9bba5eb4aaf028
Security-Bulletin: TYPO3-CORE-SA-2013-004
Reviewed-on: https://review.typo3.org/26183
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/wizard_colorpicker.php

index 304f023..b6ae2ae 100644 (file)
@@ -222,7 +222,7 @@ class SC_wizard_colorpicker {
                                // If the save/close button is clicked, then close:
                        if(t3lib_div::_GP('save_close')) {
                                $content.=$this->doc->wrapScriptTags('
-                                       setValue(\''.$this->colorValue.'\');
+                                       setValue('.t3lib_div::quoteJSvalue($this->colorValue).');
                                        parent.close();
                                ');
                        }
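Review bot: The new `setValue(` line encodes `$this->colorValue` for a JavaScript string, but the string is emitted inside an inline `<script>` element via `wrapScriptTags()`, so the encoding must also prevent the value from terminating that element (a `</script>` sequence in the input); whether `t3lib_div::quoteJSvalue()` does this with its default second argument (`$withinCData = FALSE`) should be confirmed for every release the fix is backported to, since the helper's behaviour differed across the listed branches. If `$this->colorValue` is also written into HTML or attribute contexts elsewhere in this class, those sinks need `htmlspecialchars()` rather than this change; that cannot be seen from the hunk. A short why-comment would help the next maintainer, e.g. `// colorValue is user input landing in a JS string inside an inline <script> block; quoteJSvalue() encodes it for that context`. The enclosing method starts before the hunk and continues after it.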