Commit c08d890b authored by Oliver Hader's avatar Oliver Hader

Fixed bug #11621: XSS vulnerabilities in workspace module

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@7628 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 2b73e6f6
......@@ -4,6 +4,7 @@
* Fixed bug #13042: XSS in index.php (thanks to Georg Ringer)
* Fixed bug #11617: XSS in template module (thanks to Georg Ringer)
* Fixed bug #13249: XSS in TS Object Browser (thanks to Marcus Krause)
* Fixed bug #11621: XSS vulnerabilities in workspace module (thanks to Georg Ringer)
2010-04-09 Michael Stucki <michael@typo3.org>
......
......@@ -1411,8 +1411,8 @@ class SC_mod_user_ws_index extends t3lib_SCbase {
$content .= '</td>';
// row #1, column #4 and 5: title and description
$content .= '<td nowrap="nowrap">' . $wksp['title'] . '</td>' .
'<td>' . nl2br($wksp['description']) . '</td>';
$content .= '<td nowrap="nowrap">' . htmlspecialchars($wksp['title']) . '</td>' .
'<td>' . nl2br(htmlspecialchars($wksp['description'])) . '</td>';
$content .= '</tr>';
// row #2, column #1 and #2
......@@ -1698,7 +1698,7 @@ class SC_mod_user_ws_index extends t3lib_SCbase {
$tag0 = $tag1 = '';
}
$content_array[] = $this->doc->wrapClickMenuOnIcon(t3lib_iconWorks::getIconImage('be_users', $uid, $GLOBALS['BACK_PATH'], ' align="middle" alt="UID: ' . $uid . '"'), 'be_users', $uid, 2).
$tag0 . $user['username'] . $tag1;
$tag0 . htmlspecialchars($user['username']) . $tag1;
}
}
return implode('<br />', $content_array);
......@@ -1737,7 +1737,7 @@ class SC_mod_user_ws_index extends t3lib_SCbase {
$tag0 = $tag1 = '';
}
$content_array[] = $this->doc->wrapClickMenuOnIcon(t3lib_iconWorks::getIconImage($table, $this->be_user_Array[$id], $GLOBALS['BACK_PATH'], ' align="middle" alt="UID: ' . $id . '"'), $table, $id, 2) .
$tag0 . $this->be_user_Array_full[$id]['username'] . $tag1;
$tag0 . htmlspecialchars($this->be_user_Array_full[$id]['username']) . $tag1;
}
else {
// group
......@@ -1759,7 +1759,7 @@ class SC_mod_user_ws_index extends t3lib_SCbase {
$tag0 = $tag1 = '';
}
$content_array[] = t3lib_iconWorks::getIconImage('be_users', $this->be_user_Array[$id], $GLOBALS['BACK_PATH'], ' align="middle" alt="UID: ' . $id . '"') .
$tag0 . $this->be_user_Array_full[$userUID]['username'] . $tag1;
$tag0 . htmlspecialchars($this->be_user_Array_full[$userUID]['username']) . $tag1;
}
}
sort($content_array);
......@@ -2035,7 +2035,7 @@ class SC_mod_user_ws_index extends t3lib_SCbase {
$text = $LANG->getLL('stage_undefined');
break;
}
$text = t3lib_BEfunc::datetime($dat['tstamp']).': ' . sprintf($text, $username);
$text = t3lib_BEfunc::datetime($dat['tstamp']).': ' . sprintf($text, htmlspecialchars($username));
$text.= ($data['comment']?'<br/>' . $LANG->getLL('stage_label_user_comment'). ' <em>'.htmlspecialchars($data['comment']).'</em>':'');
$entry[] = $text;
......
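Review bot: The icon `alt="UID: ' . $uid . '"'` attribute in the 1698 hunk (and the `$id` equivalents in the 1737 and 1759 hunks) still concatenates the identifier into the HTML attribute raw, while the username on the very next line is now escaped. If these values are always integer uids read from `be_users` this is harmless, but the hunks do not show where `$uid`/`$id` originate, so the escaping of this row is only as good as that assumption. Casting makes the intent explicit and removes the last unescaped interpolation in these rows: `' align="middle" alt="UID: ' . (int) $uid . '"'` (and `(int) $id` in the other two hunks). The enclosing methods start and end outside the hunks.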