[SECURITY] XSS in (old) extension manager information function 74/30274/2
authorMarc Bastian Heinrichs <typo3@mbh-software.de>
Thu, 22 May 2014 07:31:27 +0000 (09:31 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 22 May 2014 07:31:31 +0000 (09:31 +0200)
This also needs to be fixed in 6.x, although the affected function is
no longer used there.

Change-Id: Iae077221a4a8ef8f3aacaeb9d679cc68e97799bd
Fixes: #54111
Fixes: #54113
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 6b746d50d9ee4fbf2eff3e3e4c0699100be983a2
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30274
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_tsstyleconfig.php
typo3/sysext/em/classes/index.php

index 46188b0..7ceecc7 100644 (file)
@@ -162,7 +162,7 @@ class t3lib_tsStyleConfig extends t3lib_tsparser_ext {
                $content = '';
                $content .= t3lib_div::wrapJS('
                        function uFormUrl(aname) {
-                               document.' . $this->ext_CEformName . '.action = "' . t3lib_div::linkThisScript() . '#"+aname;
+                               document.' . $this->ext_CEformName . '.action = ' . t3lib_div::quoteJSvalue(t3lib_div::linkThisScript() . '#' ) . '+aname;
                        }
                ');
 
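Review bot: `$this->ext_CEformName` on the new line 27 is still concatenated raw into the generated JavaScript, so the added `quoteJSvalue()` only covers the URL half of the assignment. It is presumably a form name taken from configuration rather than from request data, but if it can ever carry attacker-controlled characters the same script-context injection remains; writing the property access as `document.forms[' . t3lib_div::quoteJSvalue($this->ext_CEformName) . '].action = ' . t3lib_div::quoteJSvalue(t3lib_div::linkThisScript() . '#') . '+aname;` escapes it with the same helper. The `aname` parameter is supplied on the JS side and is not affected. The enclosing method starts and ends outside the hunk.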
index e851b4f..389a7e8 100644 (file)
@@ -587,9 +587,9 @@ class SC_mod_tools_em_index extends t3lib_SCbase {
                }
                // Back
                if (($this->CMD['showExt'] && (!$this->CMD['standAlone'] && !t3lib_div::_GP('standAlone'))) || ($this->CMD['importExt'] || $this->CMD['uploadExt'] && (!$this->CMD['standAlone'])) || $this->CMD['importExtInfo']) {
-                       $buttons['back'] = '<a href="' . t3lib_div::linkThisScript(array(
+                       $buttons['back'] = '<a href="' . htmlspecialchars(t3lib_div::linkThisScript(array(
                                'CMD' => ''
-                       )) . '" class="typo3-goBack" title="' . $GLOBALS['LANG']->getLL('go_back') . '">' .
+                       ))) . '" class="typo3-goBack" title="' . $GLOBALS['LANG']->getLL('go_back') . '">' .
                                        t3lib_iconWorks::getSpriteIcon('actions-view-go-back') .
                                        '</a>';
                }
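Review bot: The `title` attribute on the new line 40 still embeds `$GLOBALS['LANG']->getLL('go_back')` without HTML escaping, while the neighbouring `href` now goes through `htmlspecialchars()`. The label comes from the module's language files rather than the request, so this is defence in depth rather than a second injection point, but escaping consistently at the output — `title="' . $GLOBALS['LANG']->getLL('go_back', TRUE) . '">'` — keeps the attribute safe if a translation ever contains a quote. The condition on line 35 mixes `||` and `&&` without parentheses around `importExt || uploadExt`, so `!standAlone` only constrains the upload case; that is pre-existing, but a parenthesis would make the intended grouping explicit. The enclosing method starts and ends outside the hunk.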