From 8ebc5128cb3ca439b6746e088992c60fdd7f78f1 Mon Sep 17 00:00:00 2001
From: Marco Bresch
Date: Wed, 27 Jul 2011 12:30:04 +0200
Subject: [PATCH] [BUGFIX] XSS in TYPO3 core when using typolink.parameter JS-Popup Window

Change-Id: Id1cd396d56358519be2b312d39e25b26cf943253
Resolves: #28189
Reviewed-on: http://review.typo3.org/3765
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
---
 t3lib/class.t3lib_tstemplate.php | 2 +-
 typo3/sysext/cms/tslib/class.tslib_content.php | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/t3lib/class.t3lib_tstemplate.php b/t3lib/class.t3lib_tstemplate.php
index 719c6f96159a..87898b179eb7 100644
--- a/t3lib/class.t3lib_tstemplate.php
+++ b/t3lib/class.t3lib_tstemplate.php
@@ -1472,7 +1472,7 @@ class t3lib_TStemplate {
 // linkVars
 if ($GLOBALS['TSFE']->config['config']['uniqueLinkVars']) {
 if ($addParams) {
- $LD['linkVars'] = t3lib_div::implodeArrayForUrl('', t3lib_div::explodeUrl2Array($GLOBALS['TSFE']->linkVars . $addParams));
+ $LD['linkVars'] = t3lib_div::implodeArrayForUrl('', t3lib_div::explodeUrl2Array($GLOBALS['TSFE']->linkVars . $addParams), '', FALSE, TRUE);
 } else {
 $LD['linkVars'] = $GLOBALS['TSFE']->linkVars;
 }
diff --git a/typo3/sysext/cms/tslib/class.tslib_content.php b/typo3/sysext/cms/tslib/class.tslib_content.php
index 82ccf6d0d460..d8c01d99b296 100644
--- a/typo3/sysext/cms/tslib/class.tslib_content.php
+++ b/typo3/sysext/cms/tslib/class.tslib_content.php
@@ -5902,8 +5902,8 @@ class tslib_cObj {
 $target = '';
 }
- $onClick = "vHWin=window.open('" . $GLOBALS['TSFE']->baseUrlWrap($finalTagParts['url']) .
- "','FEopenLink','" . $JSwindowParams . "');vHWin.focus();return false;";
+ $onClick = "vHWin=window.open(" . t3lib_div::quoteJSvalue($GLOBALS['TSFE']->baseUrlWrap($finalTagParts['url'])) .
+ ",'FEopenLink','" . $JSwindowParams . "');vHWin.focus();return false;";
 $res = '
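Review bot: In the `linkVars` hunk of t3lib/class.t3lib_tstemplate.php, parameter names are now URL-encoded only on the path where `uniqueLinkVars` is set and `$addParams` is non-empty; the `else` branch still copies `$GLOBALS['TSFE']->linkVars` through unchanged, and the handling when `uniqueLinkVars` is off lies outside the hunk. It is worth confirming that those paths already receive encoded names, since the value presumably ends up in the same generated links. The trailing positional arguments `'', FALSE, TRUE` are also hard to read at the call site; a comment such as `// last argument: rawurlencode parameter names as well as values` above the call would record why they were added. The enclosing method starts and ends outside the hunk.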