From ab824f0bad72544e1ae2388f77afa4f59d591756 Mon Sep 17 00:00:00 2001
From: Michael Stucki <michael.stucki@typo3.org>
Date: Mon, 16 Jul 2007 14:50:31 +0000
Subject: [PATCH] * Fixed possible XSS in workspace/version modules (requires
 valid BE login / patch by Christian Kuhn) * Removed possible display of
 phpinfo() (requires bug in extension to be unveiled)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@2428 709f56b5-9817-0410-a4d7-c38de5d9e867
---
 ChangeLog                             |  5 +++++
 typo3/init.php                        | 23 ++++++++++++++++-------
 typo3/mod/user/ws/class.wslib_gui.php |  2 +-
 typo3/sysext/version/cm1/index.php    |  2 +-
 4 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 42c1d775bc64..832e604c4020 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2007-07-16  Michael Stucki  <michael@typo3.org>
+
+	* Fixed possible XSS in workspace/version modules (requires valid BE login / patch by Christian Kuhn)
+	* Removed possible display of phpinfo() (requires bug in extension to be unveiled)
+
 2007-07-16  Oliver Hader  <oh@inpublica.de>
 
 	* Fixed bug #5556: IRRE - RTE in child elements overwrites field in parent element
diff --git a/typo3/init.php b/typo3/init.php
index 65a0403f0607..09b7fd309341 100755
--- a/typo3/init.php
+++ b/typo3/init.php
@@ -106,15 +106,24 @@ if (!$temp_path || substr($temp_path,-strlen(TYPO3_mainDir))!=TYPO3_mainDir)	{	/
 		}
 	}
 
-	echo ('Error in init.php: Path to TYPO3 main dir could not be resolved correctly. <br /><br />
-		This happens if the last '.strlen(TYPO3_mainDir).' characters of this path, '.$temp_path.', (\$temp_path) is NOT "'.TYPO3_mainDir.'" for some reason. <br />
+	echo 'Error in init.php: Path to TYPO3 main dir could not be resolved correctly. <br /><br />';
+
+	echo '<font color="red"><strong>';
+	if (strstr($temp_path,'typo3_src')) {
+		echo 'It seems you are trying to run the TYPO3 source libraries DIRECTLY! You cannot do that.<br />
+		Please read the installation documents for more information.';
+	} else {
+		echo 'This happens if the last '.strlen(TYPO3_mainDir).' characters of this path, '.$temp_path.' ($temp_path), is NOT "'.TYPO3_mainDir.'" for some reason.<br />
 		You may have a strange server configuration.
-		Or maybe you didn\'t set constant TYPO3_MOD_PATH in your module?');
-	echo '<br /><strong>If you expect any help from anybody on this issue, you should save this page as an html document and send it along with your request for help!</strong>';
-	if (strstr($temp_path,'typo3_src'))	{
-		echo '<br /><font color="red"><strong> It seems you are trying to run the TYPO3 source libraries DIRECTLY! You cannot do that. Please read the installation documents for more information.<br />
-		However here is a little tip for now: Download one of the zip-file "packages", eg the "testsite" or "dummy" package.</strong></font>';
+		Or maybe you didn\'t set constant TYPO3_MOD_PATH in your module?';
 	}
+	echo '</strong></font>';
+
+	echo '<br /><br />If you want to debug this issue, please edit typo3/init.php of your TYPO3 source and search for the die() call right after this line (search for this text to find)...';
+
+// Remove this line if you want to debug this problem a little more...
+die();
+	echo '<br /><br /><strong>If you expect any help from anybody on this issue, you should save this page as an html document and send it along with your request for help!</strong>';
 	echo '<HR><pre>';
 	print_r(array(
 		'TYPO3_OS'=>TYPO3_OS,
diff --git a/typo3/mod/user/ws/class.wslib_gui.php b/typo3/mod/user/ws/class.wslib_gui.php
index 19ba9f043769..c4d92ff2fc37 100644
--- a/typo3/mod/user/ws/class.wslib_gui.php
+++ b/typo3/mod/user/ws/class.wslib_gui.php
@@ -745,7 +745,7 @@ class wslib_gui {
 					break;
 			}
 			$text = t3lib_BEfunc::datetime($dat['tstamp']).': ' . sprintf($text, $username);
-			$text.= ($data['comment']?'<br/>' . $LANG->getLL('stage_label_user_comment'). ' <em>'.$data['comment'].'</em>':'');
+			$text.= ($data['comment']?'<br/>' . $LANG->getLL('stage_label_user_comment'). ' <em>'.htmlspecialchars($data['comment']).'</em>':'');
 
 			$entry[] = $text;
 		}
diff --git a/typo3/sysext/version/cm1/index.php b/typo3/sysext/version/cm1/index.php
index 4a71f81adcfd..ea0485692ea1 100755
--- a/typo3/sysext/version/cm1/index.php
+++ b/typo3/sysext/version/cm1/index.php
@@ -1160,7 +1160,7 @@ class tx_version_cm1 extends t3lib_SCbase {
 				break;
 			}
 			$text = t3lib_BEfunc::dateTime($dat['tstamp']).': "'.$username.'" '.$text;
-			$text.= ($data['comment']?'<br/>User Comment: <em>'.$data['comment'].'</em>':'');
+			$text.= ($data['comment']?'<br/>User Comment: <em>'.htmlspecialchars($data['comment']).'</em>':'');
 
 			$entry[] = $text;
 		}
-- 
2.20.1