Fixed bug #12630: XSS in filelist module
authorOliver Hader <oliver.hader@typo3.org>
Tue, 23 Feb 2010 10:26:26 +0000 (10:26 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 23 Feb 2010 10:26:26 +0000 (10:26 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@7008 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/class.file_list.inc
typo3/file_newfolder.php
typo3/file_rename.php
typo3/file_upload.php

index 6cff20b..ea77624 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,7 @@
        * Fixed bug #12628: XSS in sysext sys_action (thanks to Georg Ringer)
        * Fixed bug #12634: XSS in the access module (thanks to Georg Ringer)
        * Fixed bug #13558: XSS in t3lib_querygenerator (thanks to Georg Ringer)
+       * Fixed bug #12630: XSS in filelist module (thanks to Marcus Krause & Georg Ringer)
 
 2010-02-22  Benjamin Mack  <benni@typo3.org>
 
index c1541f7..b87de89 100644 (file)
@@ -180,7 +180,7 @@ class fileList extends t3lib_recordList {
                                if ($this->clickMenus) $otherMarkers['PAGE_ICON'] = $GLOBALS['SOBE']->doc->wrapClickMenuOnIcon($otherMarkers['PAGE_ICON'],$path);
 
                                $buttons['level_up'] .= $this->linkWrapDir('<img'.t3lib_iconWorks::skinImg($this->backPath,'gfx/i/folder_up.gif','width="18" height="16"').' title="'.$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:labels.upOneLevel',1).'" alt="'.$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:labels.upOneLevel',1).'" />',$theFile['path']);
-                               $otherMarkers['TITLE'] .= t3lib_div::fixed_lgd_cs($title,-($this->fixedL+20));  // No HTML specialchars here - HTML like <b> </b> is allowed
+                               $otherMarkers['TITLE'] .= t3lib_div::removeXSS(t3lib_div::fixed_lgd_cs($title,-($this->fixedL+20)));    // No HTML specialchars here - HTML like <b> </b> is allowed
 
                                // this is the root page
                        } else {
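Review bot: The new `+` line relies on `t3lib_div::removeXSS()` while still rendering `$title` as markup (the retained comment says `<b>` is allowed), and removeXSS is a denylist-style filter, so the protection here only holds for vectors the filter anticipates rather than being an allowlist or escape. The three sibling hunks in this commit treat the filemount name as plain text via `htmlspecialchars()`; if `$title` is derived from that same name (its assignment is outside the hunk), the two treatments are inconsistent and the plain-text escape would be the stronger choice here too. At minimum the comment should record the trust assumption, e.g. `// removeXSS() is a denylist filter; $title is emitted as markup (<b> allowed), so its source must stay trusted`. The enclosing method starts and ends outside the hunk.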
index 3d73fe9..5727d86 100644 (file)
@@ -151,7 +151,7 @@ class SC_file_newfolder {
                $this->shortPath = substr($this->target,strlen($GLOBALS['FILEMOUNTS'][$key]['path']));
 
                        // Setting title:
-               $this->title = $this->icon.$GLOBALS['FILEMOUNTS'][$key]['name'].': '.$this->shortPath;
+               $this->title = $this->icon . htmlspecialchars($GLOBALS['FILEMOUNTS'][$key]['name']) . ': ' . $this->shortPath;
 
                        // Setting template object
                $this->doc = t3lib_div::makeInstance('template');
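Review bot: On the `+` line only the filemount name is passed through `htmlspecialchars()`, while `$this->shortPath` is still concatenated into `$this->title` raw; `shortPath` is a substring of `$this->target` (assigned outside the hunk, presumably from request input), so the title remains partly unescaped if it is emitted as HTML. Suggested line: `$this->title = $this->icon . htmlspecialchars($GLOBALS['FILEMOUNTS'][$key]['name']) . ': ' . htmlspecialchars($this->shortPath);` — `$this->icon` appears to be intentional markup and is left as is. The same point applies unchanged to the file_rename.php and file_upload.php hunks below. The enclosing method starts and ends outside the hunk.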
index 81f2256..40b00a6 100644 (file)
@@ -139,7 +139,7 @@ class SC_file_rename {
                $this->shortPath = substr($this->target,strlen($GLOBALS['FILEMOUNTS'][$key]['path']));
 
                        // Setting title:
-               $this->title = $this->icon.$GLOBALS['FILEMOUNTS'][$key]['name'].': '.$this->shortPath;
+               $this->title = $this->icon . htmlspecialchars($GLOBALS['FILEMOUNTS'][$key]['name']) . ': ' . $this->shortPath;
 
                        // Setting template object
                $this->doc = t3lib_div::makeInstance('template');
index 3a51501..c8d0cbb 100644 (file)
@@ -156,7 +156,7 @@ class SC_file_upload {
                $this->shortPath = substr($this->target, strlen($GLOBALS['FILEMOUNTS'][$key]['path']));
 
                        // Setting title:
-               $this->title = $this->icon . $GLOBALS['FILEMOUNTS'][$key]['name'] . ': ' . $this->shortPath;
+               $this->title = $this->icon . htmlspecialchars($GLOBALS['FILEMOUNTS'][$key]['name']) . ': ' . $this->shortPath;
 
                        // Setting template object
                $this->doc = t3lib_div::makeInstance('template');