Typo3 - Security

From Wikizone
Revision as of 21 September 2006, 13:14 by 84.161.152.196 (talk)

11 September 2006: TYPO3 Security Bulletin TYPO3-20060911-1: Indexed Search

Component Type: System Extension (this extension is part of the TYPO3 default installation)
Affected Components: Indexed Search

Affected Versions: indexed_search 2.9.0 under TYPO3 4.x

Vulnerability Type: Cross-Site Scripting (XSS)
Severity: medium
Problem Description: The search word was not escaped correctly before being written back into the search form, so a prepared URL (e.g. one referenced in an email) could carry JavaScript that is reflected unescaped into the page and executed in the victim's browser.
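To make the reflected-XSS pattern concrete, here is an added PHP illustration. It is not code from the bulletin or from TYPO3; it is a hypothetical stand-in for the plugin's marker substitution, with an assumed hidden-field template, assumed function names, and the parameter name tx_indexedsearch[sword] assumed for the search word. It renders a constructed attacker value once verbatim and once escaped at the output site.

```php
<?php
// Added illustration of the reflected XSS described in the bulletin.
// Not TYPO3 code: a hypothetical minimal stand-in for a marker-based
// hidden field (###HIDDEN_FIELDNAME### / ###HIDDEN_VALUE###).

// Assumed template fragment; the real plugin reads its template from TypoScript.
const HIDDEN_FIELD_TEMPLATE =
    '<input type="hidden" name="###HIDDEN_FIELDNAME###" value="###HIDDEN_VALUE###" />';

// Vulnerable variant: the request value is copied into the attribute as-is.
function renderHiddenFieldVulnerable(string $fieldName, string $value): string
{
    return str_replace(
        ['###HIDDEN_FIELDNAME###', '###HIDDEN_VALUE###'],
        ['tx_indexedsearch[' . $fieldName . ']', $value],
        HIDDEN_FIELD_TEMPLATE
    );
}

// Hardened variant: escape at the output site. ENT_QUOTES also encodes
// single quotes, so the value stays inert even if a template author
// switches the attribute to single quotes.
function renderHiddenFieldEscaped(string $fieldName, string $value): string
{
    return str_replace(
        ['###HIDDEN_FIELDNAME###', '###HIDDEN_VALUE###'],
        [
            'tx_indexedsearch[' . $fieldName . ']',
            htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
        ],
        HIDDEN_FIELD_TEMPLATE
    );
}

// Constructed attacker input, as PHP would see it after URL-decoding a
// prepared link such as  ...?tx_indexedsearch[sword]=%22%3E%3Cscript%3E...
// The leading "> closes the value attribute and the <input> tag.
$payload = '"><script>alert(document.cookie)</script><input value="';

$vulnerable = renderHiddenFieldVulnerable('sword', $payload);
$escaped    = renderHiddenFieldEscaped('sword', $payload);

echo "Vulnerable output:\n", $vulnerable, "\n\n";
echo "Escaped output:\n", $escaped, "\n\n";

// Check a reviewer can run: a raw "<script" token must not survive into
// the markup once the value has been escaped.
$scriptLeaksRaw     = strpos($vulnerable, '<script') !== false;
$scriptLeaksEscaped = strpos($escaped, '<script') !== false;
echo 'Vulnerable variant emits a live <script> tag: ', var_export($scriptLeaksRaw, true), "\n";
echo 'Escaped variant emits a live <script> tag:    ', var_export($scriptLeaksEscaped, true), "\n";
```

The vulnerable rendering closes the attribute and the tag with the first two characters of the payload, which is why a crafted URL alone is enough to run script in the context of the site. The hardened rendering keeps the payload inside the attribute value as text; the browser sees `&quot;&gt;&lt;script&gt;` and never parses a tag.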

Solution: Upgrade to TYPO3 4.0.2 or apply the patch provided here: indexed search XSS patch

Credits: Special thanks to Mr. Ekkehard Gümbel, who pointed this one out to us, and to Mr. Ingmar Schlecht, who provided the patch.

Patch URL: http://typo3.org/fileadmin/security-team/indexed_search_XSS.diff

Index: typo3/sysext/indexed_search/pi/class.tx_indexedsearch.php
===================================================================
--- typo3/sysext/indexed_search/pi/class.tx_indexedsearch.php	(Revision 1722)
+++ typo3/sysext/indexed_search/pi/class.tx_indexedsearch.php	(Arbeitskopie)
@@ -1333,7 +1333,7 @@
 		foreach (t3lib_div::trimExplode(',',$this->hiddenFieldList) as $fieldName)	{
 			$hiddenFieldMarkerArray = array();
 			$hiddenFieldMarkerArray['###HIDDEN_FIELDNAME###'] = $this->prefixId.'['.$fieldName.']';
-			$hiddenFieldMarkerArray['###HIDDEN_VALUE###'] = (string)$this->piVars[$fieldName];
+			$hiddenFieldMarkerArray['###HIDDEN_VALUE###'] = htmlspecialchars((string)$this->piVars[$fieldName]);
 
 			$hiddenFieldArr[$fieldName] = $this->cObj->substituteMarkerArrayCached($hiddenFieldCode, $hiddenFieldMarkerArray, array(), array());
 		}
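Review bot: htmlspecialchars() in the added line is called with PHP's default flags, which escape double quotes but leave single quotes untouched, so the fix holds only as long as the ###HIDDEN_VALUE### marker sits inside a double-quoted attribute in the hidden-field template; passing ENT_QUOTES (`htmlspecialchars((string)$this->piVars[$fieldName], ENT_QUOTES)`) removes that dependency on the template. The hunk also touches only the loop over $this->hiddenFieldList, while the bulletin names the search word as the unescaped value; it is worth confirming that the search-word field is in that list, or that its visible input field is escaped separately, since no other output site is changed here. Escaping at the output site rather than filtering piVars on input is the right place for it.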