[SECURITY] Remove TYPO3 version from installer 88/59088/2
authorBenni Mack <benni@typo3.org>
Tue, 11 Dec 2018 09:55:29 +0000 (10:55 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 11 Dec 2018 09:55:31 +0000 (10:55 +0100)
When installing TYPO3, the current version
is shown without any kind of authentication
provided (no FIRST_INSTALL). This information
disclosure is solved.

Resolves: #86254
Releases: master, 8.7, 7.6
Security-Commit: 03727f3018fabb5ed1cbf2349833d5a97d29e870
Security-Bulletin: TYPO3-CORE-SA-2018-010
Change-Id: I495efeb0e6fe6124515d0cb8b8bba51dd7eaddd9
Reviewed-on: https://review.typo3.org/59088
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/install/Resources/Private/Layouts/Step.html
typo3/sysext/install/Resources/Private/Partials/Action/Common/LoginForm.html
typo3/sysext/install/Resources/Private/Templates/Action/Common/FirstInstall.html
typo3/sysext/install/Resources/Private/Templates/Action/Common/InstallToolPasswordNotSet.html

index 44759a4..bb4a2e2 100644 (file)
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers" xmlns:i="http://typo3.org/ns/TYPO3/CMS/Install/ViewHelpers">
+<html xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers">
        <head>
                <title>Installing TYPO3 CMS</title>
                <f:render partial="Action/Common/Headers" arguments="{_all}" />
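Review bot: The context line `<f:render partial="Action/Common/Headers" arguments="{_all}" />` still hands every view variable to the Headers partial, so if the controller keeps assigning `typo3Version`, the value stays available there even though this layout no longer prints it. The partial and the controller are outside this diff, so this is unconfirmed. It is worth checking that the rendered unauthenticated pages carry no version string in meta tags or asset URLs either. A functional test that renders the installer steps without a session and asserts the version is absent from the response body would keep the fix from regressing. The `<head>` element continues past the end of this hunk.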
@@ -7,10 +7,10 @@
        <body>
                <div class="container">
                        <div class="page-header">
-                               <h1 class="logo-pageheader"><img src="../Resources/Public/Images/typo3_orange.svg" width="130" class="logo" /> <small> CMS {typo3Version}</small></h1>
+                               <h1 class="logo-pageheader"><img src="../Resources/Public/Images/typo3_orange.svg" width="130" class="logo" /> <small> CMS</small></h1>
                        </div>
                        <div class="row">
-                               <h2>Installing TYPO3 CMS <i:constant name="TYPO3_version" /></h2>
+                               <h2>Installing TYPO3 CMS</h2>
 
                                <f:if condition="{messages}">
                                        <div id="t3-install-step-execution-messages">
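Review bot: Nothing on the changed `<h1>` and `<h2>` lines records why the version is left out, so a later cosmetic change could put `{typo3Version}` back on a page that is served before authentication. A short Fluid comment above the page header would document the constraint, for example `<f:comment>Rendered without authentication: do not output the TYPO3 version here (TYPO3-CORE-SA-2018-010).</f:comment>`. The same applies to the header lines changed in LoginForm.html, FirstInstall.html and InstallToolPasswordNotSet.html. The `<f:if condition="{messages}">` block at the end of this hunk continues outside it.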
index ae75ce8..060d212 100644 (file)
@@ -2,7 +2,7 @@
 
 <div class="container">
        <div class="page-header">
-               <h1 class="logo-pageheader"><img src="../Resources/Public/Images/typo3_orange.svg" width="130" class="logo" /> Site: {siteName} <small>Login to TYPO3 {typo3Version} Install Tool</small></h1>
+               <h1 class="logo-pageheader"><img src="../Resources/Public/Images/typo3_orange.svg" width="130" class="logo" /> Site: {siteName} <small>Login to TYPO3 Install Tool</small></h1>
        </div>
        <div class="row">
 
index c0ef76a..adc81c3 100644 (file)
@@ -7,7 +7,7 @@
 <body>
 <div class="container">
        <div class="page-header">
-               <h1 class="logo-pageheader"><img src="../Resources/Public/Images/typo3_orange.svg" width="130" class="logo" /> <small> CMS {typo3Version}</small></h1>
+               <h1 class="logo-pageheader"><img src="../Resources/Public/Images/typo3_orange.svg" width="130" class="logo" /> <small> CMS</small></h1>
        </div>
        <div class="row">
                <div class="col-sm-12 col-md-6">
index 13c2646..feb6cf2 100644 (file)
@@ -7,7 +7,7 @@
 <body>
 <div class="container">
        <div class="page-header">
-               <h1 class="logo-pageheader"><img src="../Resources/Public/Images/typo3_orange.svg" width="130" class="logo" /> <small> CMS {typo3Version}</small></h1>
+               <h1 class="logo-pageheader"><img src="../Resources/Public/Images/typo3_orange.svg" width="130" class="logo" /> <small> CMS</small></h1>
        </div>
        <div class="row">
                <div class="col-sm-12 col-md-6">
@@ -30,4 +30,4 @@
        </div>
 </div>
 </body>
-</html>
\ No newline at end of file
+</html>