[SECURITY] XSS in Link Validator 93/46693/2
authorSteffen Müller <typo3@t3node.com>
Tue, 16 Feb 2016 10:43:23 +0000 (11:43 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 16 Feb 2016 10:43:46 +0000 (11:43 +0100)
Properly escape error message when showing broken links
in EXT:linkvalidator

Resolves: #72240
Releases: master, 7.6, 6.2
Security-Commit: af8f931d4209735c7118b09b0eccadbb116197ab
Security-Bulletinsp: TYPO3-CORE-SA-2016-001, 002, 003, 004
Change-Id: Ifb1b76a27fbd27260f386a6801e8c9d1c018a95f
Reviewed-on: https://review.typo3.org/46693
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/linkvalidator/Classes/Linktype/InternalLinktype.php
typo3/sysext/linkvalidator/Classes/Report/LinkValidatorReport.php

index 9987298..d6c1be4 100644 (file)
@@ -278,7 +278,7 @@ class InternalLinktype extends \TYPO3\CMS\Linkvalidator\Linktype\AbstractLinktyp
                        }
                }
                if (isset($errorPage) && isset($errorContent)) {
-                       $response = $errorPage . '<br />' . $errorContent;
+                       $response = $errorPage . LF . $errorContent;
                } elseif (isset($errorPage)) {
                        $response = $errorPage;
                } elseif (isset($errorContent)) {
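Review bot: The switch from `'<br />'` to `LF` on the added line turns getErrorMessage()'s return value into plain text whose escaping is left to the caller, but nothing in the hunk records that contract, so a later edit could put markup back here and silently undo the fix. A comment on the new line such as `// Plain text only: the report escapes this message and converts LF to <br>` would pin the intent, and if AbstractLinktype declares getErrorMessage(), a `@return string plain text, lines separated by LF` on that declaration would cover the other link types as well. The enclosing method starts and ends outside the hunk, so the remaining branches assigning $response could not be checked here.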
index 2acf6d8..9cfdccc 100644 (file)
@@ -549,7 +549,17 @@ class LinkValidatorReport extends \TYPO3\CMS\Backend\Module\AbstractFunctionModu
                if ($response['valid']) {
                        $linkMessage = '<span style="color: green;">' . htmlspecialchars($GLOBALS['LANG']->getLL('list.msg.ok')) . '</span>';
                } else {
-                       $linkMessage = '<span style="color: red;">' . $hookObj->getErrorMessage($response['errorParams']) . '</span>';
+                       $linkMessage = '<span style="color: red;">'
+                               . nl2br(
+                                       // Encode for output
+                                       htmlspecialchars(
+                                               $hookObj->getErrorMessage($response['errorParams']),
+                                               ENT_QUOTES,
+                                               'UTF-8',
+                                               FALSE
+                                       )
+                               )
+                               . '</span>';
                }
                $markerArray['linkmessage'] = $linkMessage;
                $lastRunDate = date($GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'], $row['last_check']);
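Review bot: The new htmlspecialchars() call passes ENT_QUOTES without ENT_SUBSTITUTE, so if an error message ever contains invalid UTF-8 (possible if a link type includes a raw URL or fetched content in its message) htmlspecialchars() returns an empty string and the red span renders blank with no hint why. `ENT_QUOTES | ENT_SUBSTITUTE,` replaces the bad bytes with U+FFFD instead; it needs PHP 5.4, so check it against the 6.2 branch's minimum PHP version before backporting. The `FALSE` passed as double_encode is safe as written (existing entities are kept, `<`, `>` and quotes are still encoded), but if master follows PSR-2 it should be lowercase `false`. The enclosing method continues outside the hunk.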