Commit 5eb60976 authored by Oliver Hader's avatar Oliver Hader

Fixed bug #14114: Core mailform is open to spam abuse (thanks to Lars Houmark)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8417 709f56b5-9817-0410-a4d7-c38de5d9e867
parent fcbe0ca6
......@@ -18,6 +18,7 @@
* Fixed bug #1985: XSS vulnerability in wizard classes
* Fixed bug #14712: The GET/POST variable mimeType is used to create the http header content-type without verification (thanks to Rupert Germann)
* Fixed bug #14412: Field value added to foreign_table_where by replacing ###REC_FIELD_THE_FIELD_NAME### is not quoted (thanks to Helmut Hummel and Xavier Perseguers)
* Fixed bug #14114: Core mailform is open to spam abuse (thanks to Lars Houmark)
2010-05-17 Oliver Hader <oliver@typo3.org>
......@@ -67,7 +67,7 @@
* @see tslib_fe::sendFormmail(), t3lib/formmail.php
*/
class t3lib_formmail extends t3lib_htmlmail {
var $reserved_names = 'recipient,recipient_copy,auto_respond_msg,redirect,subject,attachment,from_email,from_name,replyto_email,replyto_name,organisation,priority,html_enabled,quoted_printable,submit_x,submit_y';
var $reserved_names = 'recipient,recipient_copy,auto_respond_msg,auto_respond_checksum,redirect,subject,attachment,from_email,from_name,replyto_email,replyto_name,organisation,priority,html_enabled,quoted_printable,submit_x,submit_y';
var $dirtyHeaders = array(); // collection of suspicious header data, used for logging
......@@ -132,9 +132,20 @@ class t3lib_formmail extends t3lib_htmlmail {
$this->replyto_email = t3lib_div::validEmail($this->replyto_email) ? $this->replyto_email : '';
$this->priority = ($V['priority']) ? t3lib_div::intInRange($V['priority'],1,5) : 3;
// Auto responder.
// auto responder
$this->auto_respond_msg = (trim($V['auto_respond_msg']) && $this->from_email) ? trim($V['auto_respond_msg']) : '';
$this->auto_respond_msg = $this->sanitizeHeaderString($this->auto_respond_msg);
if ($this->auto_respond_msg !== '') {
// Check if the value of the auto responder message has been modified with evil intentions
$autoRespondChecksum = $V['auto_respond_checksum'];
$correctHmacChecksum = t3lib_div::hmac($this->auto_respond_msg);
if ($autoRespondChecksum !== $correctHmacChecksum) {
t3lib_div::sysLog('Possible misuse of t3lib_formmail auto respond method. Subject: ' . $V['subject'], 'Core', 3);
return;
} else {
$this->auto_respond_msg = $this->sanitizeHeaderString($this->auto_respond_msg);
}
}
$Plain_content = '';
$HTML_content = '<table border="0" cellpadding="2" cellspacing="2">';
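Review bot: The early `return` on a checksum mismatch leaves the object half-initialised: recipient, from/reply-to addresses and priority were already assigned on the lines above the auto-responder block, while the message body (`$Plain_content` / `$HTML_content`) is never built. Whether that is safe depends on the caller, which is outside this hunk — if it invokes the send routine unconditionally after this method returns, a failed check still yields a body-less mail to the configured recipient. A fix that does not rely on the caller is to drop only the auto-responder and continue, i.e. replace `return;` with `$this->auto_respond_msg = '';`, or to set a flag the caller is required to test before sending. Separately, `$V['auto_respond_checksum']` is read without `isset`, so any submission that omits the field raises a notice before the (correctly failing) comparison; `$autoRespondChecksum = isset($V['auto_respond_checksum']) ? $V['auto_respond_checksum'] : '';` avoids that. The enclosing method starts before this hunk.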
......@@ -1869,6 +1869,15 @@ class tslib_cObj {
break;
case 'hidden':
$value = trim($parts[2]);
// If this form includes an auto responder message, include a HMAC checksum field
// in order to verify potential abuse of this feature.
if (strlen($value) && t3lib_div::inList($confData['fieldname'], 'auto_respond_msg')) {
$hmacChecksum = t3lib_div::hmac($value);
$hiddenfields .= sprintf('<input type="hidden" name="auto_respond_checksum" id="%sauto_respond_checksum" value="%s" />',
$prefix, $hmacChecksum);
}
if (strlen($value) && t3lib_div::inList('recipient_copy,recipient',$confData['fieldname']) && $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
break;
}
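Review bot: The `inList` call on the new condition has its arguments in the opposite order from the existing call two lines below: `inList($confData['fieldname'], 'auto_respond_msg')` treats the field name as the comma list and the literal as the item, whereas `inList('recipient_copy,recipient', $confData['fieldname'])` follows the list-first convention. It happens to work for a plain `auto_respond_msg` field name, but it reads as a bug and would also match an unexpected value such as `foo,auto_respond_msg`. Since only one name is being tested, a direct comparison is clearer and has no such edge: `if (strlen($value) && $confData['fieldname'] === 'auto_respond_msg') {`. The switch and the enclosing method both start before this hunk.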