Commit 647aa7af authored by Oliver Hader's avatar Oliver Hader Committed by Oliver Hader
Browse files

[SECURITY] Disallow insecure deserialization for l18n_diffsource

Serialized values in l18n_diffsource are vulnerable to insecure
deserialization when being invoked in FormEngine or DataHandler.

Resolves: #88323
Releases: master, 9.5, 8.7
Security-Commit: 215de3e52140dc69ccb0e5802ab4234922b1aa63
Security-Bulletin: TYPO3-CORE-SA-2019-020
Change-Id: I03704b35d94e2575e9231656977f3760e6f04e2b
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61146

Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
parent 75cc3d6b
......@@ -64,7 +64,10 @@ class DatabaseLanguageRows implements FormDataProviderInterface
&& !empty($result['databaseRow'][$result['processedTca']['ctrl']['transOrigDiffSourceField']])
) {
$defaultLanguageKey = $result['tableName'] . ':' . (int)$result['databaseRow']['uid'];
$result['defaultLanguageDiffRow'][$defaultLanguageKey] = unserialize($result['databaseRow'][$result['processedTca']['ctrl']['transOrigDiffSourceField']]);
$result['defaultLanguageDiffRow'][$defaultLanguageKey] = unserialize(
$result['databaseRow'][$result['processedTca']['ctrl']['transOrigDiffSourceField']],
['allowed_classes' => false]
);
}
// Add language overlays from further localizations if requested
......
......@@ -1335,7 +1335,10 @@ class DataHandler implements LoggerAwareInterface
) {
$originalLanguageRecord = $this->recordInfo($table, $currentRecord[$GLOBALS['TCA'][$table]['ctrl']['transOrigPointerField']], '*');
BackendUtility::workspaceOL($table, $originalLanguageRecord);
$originalLanguage_diffStorage = unserialize($currentRecord[$GLOBALS['TCA'][$table]['ctrl']['transOrigDiffSourceField']]);
$originalLanguage_diffStorage = unserialize(
$currentRecord[$GLOBALS['TCA'][$table]['ctrl']['transOrigDiffSourceField']],
['allowed_classes' => false]
);
}
$this->checkValue_currentRecord = $checkValueRecord;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment