[TYPO3-german] jumpurl Fehler nach Update auf 4.7.9
Christian Kuhn
lolli at schwarzbu.ch
Thu Mar 7 12:41:21 CET 2013
On 03/07/2013 11:32 AM, Ralph Brugger wrote:
> direct_mail/res/scripts/class.tx_directmail_checkjumpurl.php
>
> function checkDataSubmission (&$feObj) {
> ..
> // finally set the jumpURL to the TSFE object
> $feObj->jumpurl = $jumpurl;
>
> + # set juHash as done for external_url in core:
> http://forge.typo3.org/issues/46071
> + t3lib_div::_GETset(t3lib_div::hmac($jumpurl, 'jumpurl'),
> 'juHash');
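Review bot: the juHash written on the `+ t3lib_div::_GETset(t3lib_div::hmac($jumpurl, 'jumpurl'), 'juHash');` line is computed from the very `$jumpurl` that checkDataSubmission has just taken from the request, so whatever later compares `juHash` against `t3lib_div::hmac($jumpurl, 'jumpurl')` will match for every URL an attacker puts in the query string and the check protects nothing. The hash has to be produced when the tracked link is generated, from the target URL the sender's own data supplies, and this function should instead read the juHash that arrived with the request, compare it against `t3lib_div::hmac($jumpurl, 'jumpurl')`, and leave `$feObj->jumpurl` unset when they differ.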
Bad idea! This re-introduces the security hole.
The logic is OK for the 'external url' handling in TSFE because the
target link does NOT come from outside, but is fetched from the DB in the
same process.
If you use this 'hack' in the direct_mail handling, where the target
link is provided by external _GET, you re-introduce the security hole
that was fixed by the security patch in the first place.
Regards
Christian
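The difference Christian describes, as an added example that is not part of this thread, of TYPO3 core or of the direct_mail extension: the same HMAC-over-URL check is worthless when the hash is computed from the request's own jumpurl, and only works when the hash is minted at link-generation time from a server-supplied target and verified on the click. Python's standard `hmac` module stands in for t3lib_div::hmac, the key is a constructed stand-in for TYPO3's encryptionKey, and the function names (`vulnerable_check`, `build_tracked_link`, `safe_redirect_target`) are hypothetical.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlencode, parse_qs, urlsplit

# Constructed server-side secret; in TYPO3 this role is played by the
# installation's encryptionKey (assumption for this example).
ENCRYPTION_KEY = b"constructed-demo-key-not-for-production"


def ju_hash(jumpurl: str) -> str:
    """HMAC over the target URL under the server secret (the 'juHash' idea)."""
    return hmac.new(ENCRYPTION_KEY, jumpurl.encode(), hashlib.sha1).hexdigest()


# --- Vulnerable pattern: juHash derived from the request it is meant to protect ---
def vulnerable_check(request_params: dict) -> bool:
    """Mirrors the quoted hack: jumpurl comes from _GET, juHash is set from
    that same value, and the downstream comparison is therefore a tautology.
    Returns True for *any* jumpurl, including an attacker's redirect target."""
    params = dict(request_params)
    jumpurl = params["jumpurl"]              # attacker-controlled query value
    params["juHash"] = ju_hash(jumpurl)      # what _GETset(hmac($jumpurl), 'juHash') does
    # The core-style check that follows can never fail:
    return hmac.compare_digest(params["juHash"], ju_hash(jumpurl))


# --- Correct pattern: sign when the mail link is built, verify on the click ---
def build_tracked_link(base: str, target: str) -> str:
    """Called while rendering the mail; `target` comes from the sender's own
    data (the DB in the TSFE case), never from the incoming request."""
    return base + "?" + urlencode({"jumpurl": target, "juHash": ju_hash(target)})


def safe_redirect_target(request_url: str) -> Optional[str]:
    """Called on the click: accept the redirect only if the juHash that
    arrived with the request matches the HMAC the server computes now.
    Returns the target URL, or None when the link is missing or tampered."""
    qs = parse_qs(urlsplit(request_url).query)
    jumpurl = qs.get("jumpurl", [None])[0]
    juhash = qs.get("juHash", [None])[0]
    if jumpurl is None or juhash is None:
        return None
    if not hmac.compare_digest(juhash, ju_hash(jumpurl)):
        return None   # jumpurl swapped, or juHash forged without the key
    return jumpurl
```

The vulnerable function accepts a phishing URL just as readily as a legitimate one, while the signed link only redirects when both query values are exactly what the server emitted; swapping jumpurl on a genuine link, or attaching a made-up juHash, is refused.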