Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:06:36 +0000 (09:06 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:06:36 +0000 (09:06 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@8382 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/indexed_search/mod/index.php
typo3/sysext/indexed_search/modfunc1/class.tx_indexedsearch_modfunc1.php

index 2068ac1..e378428 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,7 @@
        * Fixed bug #12736: XSS in setup module (thanks to Georg Ringer)
        * Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)
        * Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer)
+       * Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
 
 2010-07-21  Ingo Renner  <ingo@typo3.org>
 
index 55e1eb5..0e6cdb5 100755 (executable)
@@ -439,7 +439,7 @@ class SC_mod_tools_isearch_index {
                reset($arr);
                $list=array();
                while(list($k,$v)=each($arr))   {
-                       $list[]=$k."=".$v;
+                       $list[] = htmlspecialchars($k) . '=' . htmlspecialchars($v);
                }
                return implode("<BR>",$list);
        }
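Review bot: `htmlspecialchars()` is called with PHP's default flags on both `$k` and `$v`, which on the PHP generation TYPO3 4.2 targets means ENT_COMPAT and the platform default charset, so single quotes pass through unencoded; that is adequate for the element-text context this list is joined into with `<BR>`, but the helper returns a string a caller could drop into an attribute, so `htmlspecialchars($k, ENT_QUOTES)` / `htmlspecialchars($v, ENT_QUOTES)` would be the safer default. The fix also assumes every value in `$arr` is a scalar — if an entry were an array, `htmlspecialchars()` would not escape its contents — which is worth confirming where `$arr` is built. The function's signature and the origin of `$arr` lie above the hunk.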
index d473474..fe1e9b9 100755 (executable)
@@ -276,7 +276,7 @@ class tx_indexedsearch_modfunc1 extends t3lib_extobjbase {
                        $code.= $this->indexed_info(
                                                $data['row'],
                                                $data['HTML'].
-                                                       $this->showPageDetails(t3lib_div::fixed_lgd_cs($data['row']['title'], 20),$data['row']['uid'])
+                                                       $this->showPageDetails(t3lib_BEfunc::getRecordTitlePrep($data['row']['title']), $data['row']['uid'])
                                        );
                }
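Review bot: The second argument, `$data['row']['uid']`, still reaches `showPageDetails()` unescaped while only the title is now passed through `t3lib_BEfunc::getRecordTitlePrep()`; if that method interpolates the uid into markup or a link, an `(int)` cast — `$this->showPageDetails(t3lib_BEfunc::getRecordTitlePrep($data['row']['title']), (int)$data['row']['uid'])` — costs nothing and removes the doubt. Separately, replacing `fixed_lgd_cs(..., 20)` drops the fixed 20-character truncation in favour of whatever length `getRecordTitlePrep()` applies (presumably the user's configured title length), which is a visible behaviour change beyond the XSS fix and could be mentioned in the commit message. Whether `$data['HTML']`, concatenated on the line above, is already escaped is not visible here. The enclosing loop and method start above the hunk.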