[SECURITY] XSS in new content element wizard 73/30273/2
authorMarkus Klein <klein.t3@mfc-linz.at>
Thu, 22 May 2014 07:31:22 +0000 (09:31 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 22 May 2014 07:31:26 +0000 (09:31 +0200)
Sanitize user-input colPos in new content element wizard.

Change-Id: I13ff938e7320c68c8ad3f88b0cb688bc4d43d839
Fixes: #48695
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 582087ad27cee5365ea36387bba28c1b62212564
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30273
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/cms/layout/db_new_content_el.php

index 67daad0..75fe910 100644 (file)
@@ -186,7 +186,7 @@ class SC_db_new_content_el {
                $this->id = intval(t3lib_div::_GP('id'));
                $this->sys_language = intval(t3lib_div::_GP('sys_language_uid'));
                $this->R_URI = t3lib_div::sanitizeLocalUrl(t3lib_div::_GP('returnUrl'));
-               $this->colPos = t3lib_div::_GP('colPos');
+               $this->colPos = (int)t3lib_div::_GP('colPos');
                $this->uid_pid = intval(t3lib_div::_GP('uid_pid'));
 
                $this->MCONF['name'] = 'xMOD_db_new_content_el';
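Review bot: The `(int)` cast on `colPos` also turns a missing or empty request parameter into `0`, which can no longer be told apart from an explicit column 0. If code outside this hunk tests whether a column was pre-selected (for example via `isset($this->colPos)` or an empty-string comparison), that branch now behaves differently; this is not visible here and should be confirmed. Keeping the unset state would look like `$colPos = t3lib_div::_GP('colPos');` followed by `$this->colPos = $colPos === NULL ? NULL : (int)$colPos;`. The cast closes the injection at the input, but the place where `colPos` is written into markup or JavaScript lies outside the hunk and should still encode the value for its output context, so that a later change to this assignment does not reopen the XSS. The enclosing method starts and ends outside the hunk.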