[!!!][SECURITY] XSS in filelink element
authorGeorg Ringer <mail@ringerge.org>
Wed, 28 Mar 2012 11:54:15 +0000 (13:54 +0200)
committerOliver Hader <oliver@typo3.org>
Wed, 28 Mar 2012 11:54:18 +0000 (13:54 +0200)
Add escaping to description and file name of file link content element.
Warning: HTML is no longer possible in the description!

Change-Id: I709af9bb05d84c5a61448b2d0b6ec8f8a20e5ec5
Fixes: #25246
Security-Commit: 7873e7e96e9a6261096910c342fefdcfa9b431bb
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10005
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/css_styled_content/pi1/class.tx_cssstyledcontent_pi1.php
typo3/sysext/css_styled_content/static/setup.txt
typo3/sysext/css_styled_content/static/v3.8/setup.txt
typo3/sysext/css_styled_content/static/v3.9/setup.txt
typo3/sysext/css_styled_content/static/v4.2/setup.txt
typo3/sysext/css_styled_content/static/v4.3/setup.txt
typo3/sysext/css_styled_content/static/v4.4/setup.txt

index 3e956ac..2ce30fa 100755 (executable)
@@ -983,7 +983,7 @@ class tx_cssstyledcontent_pi1 extends tslib_pibase {
                        $linkText = substr($linkText, 0, $pos);
                }
                $links[1] = str_replace(
-                       '>' . $fileName . '<', '>' . $linkText . '<', $links[1]
+                       '>' . $fileName . '<', '>' . htmlspecialchars($linkText) . '<', $links[1]
                );
                return $links;
        }
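Review bot: The needle `'>' . $fileName . '<'` in the str_replace is still built from the raw file name while the replacement text is now escaped; if `$links[1]` was rendered with the file name already passed through htmlspecialchars, a name containing `&`, `<`, `>` or `"` will no longer match and the anchor keeps its original text. How `$links[1]` is produced, and the start of this function, lie outside the hunk, so this is inferred from the commit message ("escaping to description and file name"); if the rendered text is escaped, the needle should use the same form, `'>' . htmlspecialchars($fileName) . '<'`. A brief why-comment above the call would also help, e.g. `// $linkText comes from editor-supplied data; escape it before injecting it into the anchor markup`.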
index a8bb6e2..d0635cb 100644 (file)
@@ -875,6 +875,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
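Review bot: `htmlSpecialChars = 1` is added as a bare stdWrap flag, so description text that editors already stored with entities (for example `&amp;`) will now render double-escaped; if such content exists, `htmlSpecialChars.preserveEntities = 1` keeps existing entities while still escaping `<`, `>` and quotes. stdWrap applies htmlSpecialChars before wrap, so the surrounding `<p class="csc-uploads-description">` markup is unaffected. The identical line is added to the five versioned copies under static/v3.8 through static/v4.4 as well; this note applies to all of those hunks.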
index 7a85d88..ce650d7 100644 (file)
@@ -585,6 +585,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
index e4a92b2..4b68ca5 100644 (file)
@@ -678,6 +678,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
index 451ec17..d03a1d1 100644 (file)
@@ -694,6 +694,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
index 85e09ec..01b7247 100644 (file)
@@ -862,6 +862,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT
index fb65d07..c392625 100644 (file)
@@ -869,6 +869,7 @@ tt_content.uploads {
                                data = register:description
                                wrap = <p class="csc-uploads-description">|</p>
                                required = 1
+                               htmlSpecialChars = 1
                        }
 
                        30 = TEXT