[SECURITY] Prevent unnecessary unserialize in SuggestWizard 41/50741/2
authorNicole Cordes <typo3@cordes.co>
Tue, 22 Nov 2016 10:09:23 +0000 (11:09 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 22 Nov 2016 10:09:27 +0000 (11:09 +0100)
Resolves: #78557
Releases: 8.4, 7.6, 6.2
Security-Commit: 09cffbbc82fe4c8c4731e4c19cfc0c7c8cb673d4
Security-Bulletins: TYPO3-CORE-SA-2016-023, 024
Change-Id: I2a3c7ea2c8c2f65182956deee0e162ceb83e1874
Reviewed-on: https://review.typo3.org/50741
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/backend/Classes/Form/Wizard/SuggestWizard.php
typo3/sysext/backend/Resources/Public/JavaScript/FormEngineSuggest.js

index 747d00e..6f728a0 100644 (file)
@@ -74,7 +74,7 @@ class SuggestWizard
             // Ff we have a new record, we hand that row over to JS.
             // This way we can properly retrieve the configuration of our wizard
             // if it is shown in a flexform
-            $jsRow = serialize($row);
+            $jsRow = json_encode($row);
         }
 
         $selector = '
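Review bot: The return value of `json_encode($row)` is not checked on the added line; it returns `false` when `$row` contains data that cannot be encoded (invalid UTF-8 in a field, for example), and `$jsRow` would then carry `false` into the markup assembled below. A small guard such as `if ($jsRow === false) { $jsRow = ''; }` makes the failure explicit. JSON output is full of double quotes, so it is also worth confirming that `$jsRow` is passed through `htmlspecialchars()` before it is written into the data attribute; that part of the method lies outside this hunk.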
@@ -156,7 +156,7 @@ class SuggestWizard
                 $pageId = $row['pid'];
             }
         } else {
-            $row = unserialize($newRecordRow);
+            $row = json_decode($newRecordRow, true);
         }
         $TSconfig = BackendUtility::getPagesTSconfig($pageId);
         $fieldConfig = $GLOBALS['TCA'][$table]['columns'][$field]['config'];
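Review bot: The result of `json_decode($newRecordRow, true)` is assigned to `$row` without checking that it is an array; malformed input yields `null` and a valid JSON scalar yields a string or number, and `$newRecordRow` appears to come from the client request. A guard directly after the call keeps the later array access predictable, e.g. `if (!is_array($row)) { $row = []; }`, or reject the request at that point. Replacing `unserialize()` closes the object-instantiation path, but the decoded values are still request-controlled, so the code further down should keep treating the fields of `$row` as untrusted. The enclosing method starts and ends outside this hunk.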
index b9fdbe1..0da69a6 100644 (file)
@@ -22,7 +22,7 @@ define(['jquery', 'jquery/autocomplete'], function ($) {
                        field = $searchField.data('field'),
                        uid = $searchField.data('uid'),
                        pid = $searchField.data('pid'),
-                       newRecordRow = $searchField.data('recorddata'),
+                       newRecordRow = $searchField.attr('data-recorddata'),
                        minimumCharacters = $searchField.data('minchars'),
                        url = TYPO3.settings.ajaxUrls['record_suggest'],
                        params = {
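Review bot: The changed line reads `recorddata` through `.attr('data-recorddata')` while every neighbouring field still uses `.data()`, and nothing explains the difference, which invites a later cleanup back to `.data()`. jQuery's `.data()` converts attribute values that look like JSON into objects, whereas the server side now expects the raw JSON string for `json_decode()`. I would add a comment above the line, `// read the raw attribute: .data() would parse the JSON string into an object`. The enclosing function continues outside the hunk.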