[SECURITY] Remove TYPO3 version from installer 96/59096/2
authorBenni Mack <benni@typo3.org>
Tue, 11 Dec 2018 09:56:30 +0000 (10:56 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 11 Dec 2018 09:56:32 +0000 (10:56 +0100)
When installing TYPO3, the current version
is shown without any kind of authentication
provided (no FIRST_INSTALL). This change removes
the version from the installer templates, which
resolves the information disclosure.

Resolves: #86254
Releases: master, 8.7, 7.6
Security-Commit: c7f8829609ac20081500ea486eb74a11428313dd
Security-Bulletin: TYPO3-CORE-SA-2018-010
Change-Id: I7358f181e5b93c596aa460040dee53a1485f3759
Reviewed-on: https://review.typo3.org/59096
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/install/Resources/Private/Layouts/Step.html
typo3/sysext/install/Resources/Private/Partials/Action/Common/LoginForm.html
typo3/sysext/install/Resources/Private/Templates/Action/Common/FirstInstall.html
typo3/sysext/install/Resources/Private/Templates/Action/Common/InstallToolPasswordNotSet.html

index 0f2b7ba..59241be 100644 (file)
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers" xmlns:i="http://typo3.org/ns/TYPO3/CMS/Install/ViewHelpers">
+<html xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers">
        <head>
                <title>Installing TYPO3 CMS</title>
                <f:render partial="Action/Common/Headers" arguments="{_all}" />
@@ -7,10 +7,10 @@
        <body>
                <div class="container">
                        <div class="page-header">
-                               <h1 class="logo-pageheader"><img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> <small> CMS {typo3Version}</small></h1>
+                               <h1 class="logo-pageheader"><img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> <small> CMS</small></h1>
                        </div>
                        <div class="row">
-                               <h2>Installing TYPO3 CMS <i:constant name="TYPO3_version" /></h2>
+                               <h2>Installing TYPO3 CMS</h2>
 
                                <f:if condition="{messages}">
                                        <div id="t3-install-step-execution-messages">
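Review bot: Removing `{typo3Version}` and `<i:constant name="TYPO3_version" />` from the two headings only closes the leak in this markup; the context line `<f:render partial="Action/Common/Headers" arguments="{_all}" />` in the preceding hunk still hands every view variable to the Headers partial, which is not part of this change. If the controller keeps assigning `typo3Version` for unauthenticated steps, that partial (or version-derived query strings on the assets it emits) could still expose the version, so it is worth confirming the partial is clean and dropping the assignment for pre-authentication actions. The `xmlns:i` declaration removed in the preceding hunk is only safe if no other `i:` view helper remains in the rest of Step.html, which lies outside the visible hunks.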
index 68ad256..26d8c6a 100644 (file)
@@ -2,7 +2,7 @@
 
 <div class="container">
        <div class="page-header">
-               <h1 class="logo-pageheader"><img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> Site: {siteName} <small>Login to TYPO3 {typo3Version} Install Tool</small></h1>
+               <h1 class="logo-pageheader"><img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> Site: {siteName} <small>Login to TYPO3 Install Tool</small></h1>
        </div>
        <div class="row">
 
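Review bot: The new heading still prints `Site: {siteName}` to anyone who can reach the Install Tool login form, before any password is entered. On internal or staging instances the configured site name can identify the customer or project, so consider whether it belongs on the pre-authentication screen at all, for example by reducing the heading to `<small>Login to TYPO3 Install Tool</small>`. The template continues outside this hunk, so other uses of `{siteName}` cannot be ruled out from here.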
index 3e261d5..fff2a6d 100644 (file)
@@ -7,7 +7,7 @@
 <body>
 <div class="container">
        <div class="page-header">
-               <h1 class="logo-pageheader"><img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> <small> CMS {typo3Version}</small></h1>
+               <h1 class="logo-pageheader"><img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> <small> CMS</small></h1>
        </div>
        <div class="row">
                <div class="col-sm-12 col-md-6">
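Review bot: The `<h1 class="logo-pageheader">` line changed here is identical to the one changed in InstallToolPasswordNotSet.html and in Step.html, which is why a single disclosure had to be patched in several templates. Moving it into one shared partial, rendered with something like `<f:render partial="Action/Common/PageHeader" />` (the name is a suggestion, not an existing file), would let the next change to what is shown before authentication be made and reviewed in one place. The `<img>` in that line also has no `alt` attribute; `alt="TYPO3"` would cover it.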
index 94082b1..64d3c30 100644 (file)
@@ -7,7 +7,7 @@
 <body>
 <div class="container">
        <div class="page-header">
-               <h1 class="logo-pageheader"><img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> <small> CMS {typo3Version}</small></h1>
+               <h1 class="logo-pageheader"><img src="{f:uri.resource(path: 'Images/typo3_orange.svg')}" width="130" class="logo" /> <small> CMS</small></h1>
        </div>
        <div class="row">
                <div class="col-sm-12 col-md-6">