Fixed bug #14412: Field value added to foreign_table_where by replacing ###REC_FIELD_...
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:15:19 +0000 (09:15 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:15:19 +0000 (09:15 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8416 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_befunc.php

index 3b287e5..7620c99 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,7 @@
        * Fixed bug #1985: XSS vulnerability in wizard classes
        * Fixed bug #15223: Password request hash in felogin is created with not enough randomness (thanks to Helmut Hummel)
        * Fixed bug #14712: The GET/POST variable mimeType is used to create the http header content-type without verification (thanks to Rupert Germann)
+       * Fixed bug #14412: Field value added to foreign_table_where by replacing ###REC_FIELD_THE_FIELD_NAME### is not quoted (thanks to Helmut Hummel and Xavier Perseguers)
 
 2010-07-27  Steffen Kamper  <steffen@typo3.org>
 
index 33b15d6..c9e49b7 100644 (file)
@@ -3175,7 +3175,11 @@ final class t3lib_BEfunc {
                        foreach ($fTWHERE_parts as $kk => $vv) {
                                if ($kk) {
                                        $fTWHERE_subpart = explode('###', $vv, 2);
-                                       $fTWHERE_parts[$kk] = $TSconfig['_THIS_ROW'][$fTWHERE_subpart[0]].$fTWHERE_subpart[1];
+                                       if (substr($fTWHERE_parts[0], -1) === '\'' && $fTWHERE_subpart[1]{0} === '\'') {
+                                               $fTWHERE_parts[$kk] = $GLOBALS['TYPO3_DB']->quoteStr($TSconfig['_THIS_ROW'][$fTWHERE_subpart[0]], $foreign_table) . $fTWHERE_subpart[1];
+                                       } else {
+                                               $fTWHERE_parts[$kk] = $GLOBALS['TYPO3_DB']->fullQuoteStr($TSconfig['_THIS_ROW'][$fTWHERE_subpart[0]], $foreign_table) . $fTWHERE_subpart[1];
+                                       }
                                }
                        }
                        $fTWHERE = implode('', $fTWHERE_parts);
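Review bot: The quote-context check on the new `if` line looks at `$fTWHERE_parts[0]` for every marker, but the text immediately preceding marker `$kk` is the tail of `$fTWHERE_parts[$kk - 1]` (for `$kk >= 2` that element has already been rewritten as value + trailing text, so its last character is still the right one to inspect). With a WHERE clause such as `x = ###REC_FIELD_a### AND y = '###REC_FIELD_b###'`, the second marker is wrongly routed to `fullQuoteStr()` and the query ends up with `y = ''value''`, which is no longer the intended comparison. The fix is a one-index change: `if (substr($fTWHERE_parts[$kk - 1], -1) === '\'' && $fTWHERE_subpart[1]{0} === '\'') {`. Note also that the heuristic only recognises single quotes, so a marker wrapped in double quotes or followed by a LIKE suffix (`'###REC_FIELD_x###%'`) still gets double-quoted by the else branch; a short comment stating that only `'###REC_FIELD_...###'` is treated as already quoted would save the next reader from guessing. The enclosing method begins before this hunk.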