Commit 6e54ef9c authored by Oliver Hader's avatar Oliver Hader

Fixed bug #12628: XSS in sysext sys_action

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@7631 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 2e158ce0
......@@ -6,6 +6,7 @@
* Fixed bug #13249: XSS in TS Object Browser (thanks to Marcus Krause)
* Fixed bug #11621: XSS vulnerabilities in workspace module (thanks to Georg Ringer)
* Fixed bug #11620: XSS vulnerability in task center module (thanks to Georg Ringer)
* Fixed bug #12628: XSS in sysext sys_action (thanks to Georg Ringer)
2010-04-09 Michael Stucki <michael@typo3.org>
......
......@@ -72,7 +72,7 @@ class tx_sysaction extends mod_user_task {
if($actionRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
// Action header:
$header = t3lib_iconworks::getIconImage("sys_action",$actionRow,$this->backPath,'hspace="2" class="absmiddle"').'<b>'.$actionRow["title"].'</b>';
$header = t3lib_iconworks::getIconImage("sys_action",$actionRow,$this->backPath,'hspace="2" class="absmiddle"').'<b>'.htmlspecialchars($actionRow["title"]).'</b>';
$out.='<table border=0 cellpadding=0 cellspacing=1 width=100%>
<tr><td colspan=2 class="bgColor5">'.fw($header).'</td></tr>
<tr>
......@@ -81,7 +81,7 @@ class tx_sysaction extends mod_user_task {
</tr>
<tr>
<td width=1% valign=top class="bgColor4">'.fw($LANG->sL(t3lib_BEfunc::getItemLabel("sys_action","description"))."&nbsp;").'</td>
<td valign=top class="bgColor4">'.fw(nl2br($actionRow["description"])).'</td>
<td valign=top class="bgColor4">'.fw(nl2br(htmlspecialchars($actionRow["description"]))).'</td>
</tr>';
$out.='</table>';
$theCode = $this->pObj->doc->section("",$out,0,1);
......@@ -272,7 +272,7 @@ class tx_sysaction extends mod_user_task {
$res = $this->getActionResPointer();
$lines=array();
while($actionRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$lines[]='<nobr>'.t3lib_iconworks::getIconImage("sys_action",$actionRow,$this->backPath,'hspace="2" align="top"').$this->action_link($this->fixed_lgd($actionRow["title"]),$actionRow["uid"],$actionRow["description"]).'</nobr><BR>';
$lines[]='<nobr>'.t3lib_iconworks::getIconImage("sys_action",$actionRow,$this->backPath,'hspace="2" align="top"').$this->action_link($this->fixed_lgd(htmlspecialchars($actionRow["title"])),$actionRow["uid"],htmlspecialchars($actionRow["description"])).'</nobr><BR>';
}
$out = implode("",$lines);
return $out;
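Review bot: In the last hunk the title is escaped before it is handed to `$this->fixed_lgd()`, so if that helper truncates the string it can cut through an entity such as `&amp;` and emit a dangling `&am` fragment; escaping after truncation, `htmlspecialchars($this->fixed_lgd($actionRow["title"]))`, avoids that and closes the same XSS. All three hunks call `htmlspecialchars()` with its default flags, which leave single quotes unescaped, so wherever one of these values lands inside a single-quoted attribute — the description passed to `action_link()` is the one whose destination is not visible here — `ENT_QUOTES` should be passed as the second argument. The enclosing method starts before the hunk, and the bodies of `action_link()` and `fixed_lgd()` are outside this commit, so both points are inferred from the call sites only.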
......