[SECURITY] Page Link Target vulnerable to XSS
author Markus Bucher <markusbucher@gmx.de>
Wed, 15 Aug 2012 10:18:01 +0000 (12:18 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:18:04 +0000 (12:18 +0200)
This patch adds htmlspecialchars to page link target to prevent
XSS.

Change-Id: Ib8f812f89f892f580fc70300a4e4fa2287559dba
Fixes: #32653
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: f9987febc23355d9a4996eba7ac0039bfe801607
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13743
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/cms/tslib/class.tslib_content.php

index 9f80936..df0077a 100644 (file)
@@ -5877,7 +5877,7 @@ class tslib_cObj {
                                                }
 
                                                $this->lastTypoLinkTarget = $LD['target'];
-                                               $targetPart = $LD['target'] ? ' target="' . $LD['target'] . '"' : '';
+                                               $targetPart = $LD['target'] ? ' target="' . htmlspecialchars($LD['target']) . '"' : '';
 
                                                        // If sectionMark is set, there is no baseURL AND the current page is the page the link is to, check if there are any additional parameters or addQueryString parameters and if not, drop the url.
                                                if ($sectionMark && !$GLOBALS['TSFE']->config['config']['baseURL']
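Review bot: The escaping is applied only where the attribute string is assembled, while `$this->lastTypoLinkTarget = $LD['target'];` two lines above still caches the raw, unescaped value; any later consumer that interpolates lastTypoLinkTarget into markup has to call htmlspecialchars() itself, or the same attribute breakout reappears through that path. Either escape once at the assignment or note in a comment that the cached value is unescaped. Minor: because the attribute is wrapped in double quotes, the default ENT_COMPAT flag (which escapes `"` but not `'`) is sufficient here; pass ENT_QUOTES if the quoting style of `' target="' . htmlspecialchars($LD['target']) . '"'` ever changes.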