[BUGFIX][SECURITY] XSS vulnerability in BE-User Admin module
author    Marco Bresch <marco.bresch@starfinanz.de>
          Wed, 23 Nov 2011 16:34:58 +0000 (17:34 +0100)
committer Georg Ringer <mail@ringerge.org>
          Tue, 29 Nov 2011 06:01:59 +0000 (07:01 +0100)
Fix XSS at column 'workspace membership'.

How to test:
* choose a workspace title like "<b>test</b>"
* assign a user as member to the workspace
* select the BE-module "Admin Tools->User Admin"
* select the checkbox "Workspace membership"
* press update
* take a look at column "Workspace membership"

Change-Id: I278287728db76b256607bcd07f58751553b40868
Fixes: #32040
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6963
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer
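The label that the "How to test" steps make visible is built in one string concatenation, so the unpatched and patched forms are easy to put side by side. The following PHP is an added example, not code from this commit or from the TYPO3 beuser module: it runs the old and the new label construction over two constructed workspace records (one of them carrying the `<b>test</b>` title from the test steps). The function names, the `$records` array and the `(int)` cast of `uid` are assumptions for illustration; the `ENT_QUOTES, 'UTF-8'` arguments go beyond the patch, which calls `htmlspecialchars()` with its defaults.

```php
<?php
// Added example (not the project's code): workspace option labels built
// without and with output escaping, over constructed records.
$records = [
    ['uid' => 1, 'title' => 'Live'],
    ['uid' => 2, 'title' => '<b>test</b>'],   // title used in "How to test"
];

// Before the fix: the title goes into the HTML verbatim, so markup in a
// workspace title is rendered by the browser instead of shown as text.
function buildOptionsUnescaped(array $records): array
{
    $options = [];
    foreach ($records as $rec) {
        $options[$rec['uid']] = $rec['uid'] . ': ' . $rec['title'];
    }
    return $options;
}

// After the fix: HTML metacharacters in the title are encoded at the point
// where the string is put into markup. ENT_QUOTES is an assumption beyond
// the patch: it also encodes single quotes, which the default flags on
// PHP versions before 8.1 leave untouched. Casting uid to int is likewise an
// addition, so the only DB-controlled text left in the label is the title.
function buildOptionsEscaped(array $records): array
{
    $options = [];
    foreach ($records as $rec) {
        $uid = (int) $rec['uid'];
        $options[$uid] = $uid . ': ' . htmlspecialchars($rec['title'], ENT_QUOTES, 'UTF-8');
    }
    return $options;
}

foreach (buildOptionsUnescaped($records) as $label) {
    echo "unescaped: $label\n";   // "2: <b>test</b>" reaches the browser as markup
}
foreach (buildOptionsEscaped($records) as $label) {
    echo "escaped:   $label\n";   // "2: &lt;b&gt;test&lt;/b&gt;" is shown as text
}
```

Run it with `php example.php`; the second loop shows the encoded form that the patched "Workspace membership" column now emits.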
typo3/sysext/beuser/mod/index.php

index 9ddcbf0..a550ba5 100755 (executable)
@@ -1056,7 +1056,7 @@ class local_beUserAuth extends t3lib_beUserAuth {
                        if (count($workspaces)) {
                                foreach ($workspaces as $rec)   {
                                        if ($this->checkWorkspace($rec))        {
-                                               $options[$rec['uid']] = $rec['uid'].': '.$rec['title'];
+                                               $options[$rec['uid']] = $rec['uid'].': '.htmlspecialchars($rec['title']);
 
                                                        // Check if all mount points are accessible, otherwise show error:
                                                if (trim($rec['db_mountpoints'])!=='')  {
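Review bot: on the changed line, htmlspecialchars($rec['title']) is called with default flags, which on the PHP versions targeted by the 4.4 to 4.7 branches do not encode single quotes; if this option text is ever placed inside a single-quoted attribute, pass ENT_QUOTES (e.g. `htmlspecialchars($rec['title'], ENT_QUOTES)`) so that context is covered too. The concatenated $rec['uid'] stays unescaped; it is presumably an integer from the database, but an explicit `(int)$rec['uid']` would make that assumption visible in the code and leave the title as the only DB-controlled text in the label. The escaping is applied once at the point where $options is built, which is the right place as long as nothing later re-escapes these entries when rendering the select.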