Commit e52622df authored by Oliver Hader's avatar Oliver Hader

Fixed bug #13960: XSS in sys_action (thanks to Georg Ringer)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8342 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 2305b493
......@@ -4,6 +4,7 @@
* Fixed bug #13292: TYPO3 error message reveals path to web root (thanks to Xavier Perseguers)
* Fixed bug #11618: XSS vulnerability in install tool / BE login (thanks to Georg Ringer)
* Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
* Fixed bug #13960: XSS in sys_action (thanks to Georg Ringer)
2010-05-17 Oliver Hader <oliver@typo3.org>
......
......@@ -117,7 +117,7 @@ class tx_sysaction extends mod_user_task {
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'be_users', 'pid=0 AND cruser_id='.intval($this->BE_USER->user['uid']).' AND createdByAction='.intval($actionRow['uid']).t3lib_BEfunc::deleteClause('be_users'), '', 'username');
$lines = array();
while($uRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$lines[] = "<nobr>".($uRow["uid"]==$userRecord["uid"]?"<b>":"").$this->action_linkUserName(t3lib_iconworks::getIconImage("be_users",$uRow,$this->backPath,'title="uid='.$uRow["uid"].'" hspace="2" align="top"').$uRow["username"]." (".$uRow["realName"].")".($uRow["uid"]==$userRecord["uid"]?"</b>":"")."</nobr>",$actionRow["uid"],$uRow["uid"])."<br>";
$lines[] = '<nobr>' . ($uRow['uid'] == $userRecord['uid'] ? '<strong>' : '') . $this->action_linkUserName(t3lib_iconworks::getIconImage('be_users', $uRow, $this->backPath, 'title="uid=' . $uRow['uid'] . '" hspace="2" align="top"') . htmlspecialchars($uRow['username']) . ' (' . htmlspecialchars($uRow['realName']) . ')' . ($uRow['uid'] == $userRecord['uid'] ? '</strong>' : '') . '</nobr>', $actionRow['uid'], $uRow['uid']) . '<br />';
}
if (count($lines)) {
$theCode.= $this->pObj->doc->section($LANG->getLL("action_t1_listOfUsers"),implode("",$lines),0,1);
......@@ -161,7 +161,7 @@ class tx_sysaction extends mod_user_task {
} else {
$p.= $LANG->getLL("lNone");
}
$actionContent.=t3lib_iconworks::getIconImage("be_users",$userRecord,$this->backPath,'title="'.htmlspecialchars($p).'" hspace=2 align=top').$userRecord["username"]." (".$userRecord["realName"].")";
$actionContent .= t3lib_iconworks::getIconImage('be_users', $userRecord, $this->backPath, 'title="' . htmlspecialchars($p) . '" hspace="2" align="top"') . htmlspecialchars($userRecord['username']) . ' (' . htmlspecialchars($userRecord['realName']) . ')';
}
$actionContent.=$this->pObj->doc->table($formA);
$theCode.= $this->pObj->doc->section($LANG->getLL($newFlag?"action_Create":"action_Update"),$actionContent,0,1);
......
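Review bot: The new line in the first hunk still concatenates `$uRow['uid']` raw into the `title="uid=..."` attribute while the neighbouring username and realName are now escaped; the value presumably is an integer column, but the query two lines above already guards the same field with `intval()`, and the attribute context would be safe by construction with `'title="uid=' . (int) $uRow['uid'] . '" hspace="2" align="top"'`. The same applies to the `$p` title in the second hunk only insofar as `$p` is built from locallang strings, so the existing `htmlspecialchars($p)` there is enough. Note that the escaping is applied per call site and the escaped string is then passed through `action_linkUserName()`; if that helper escapes again this would double-encode, which cannot be seen from the hunk. The enclosing method starts and ends outside both hunks.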