[TYPO3-core] RFC: #8090: Menu creation has empty defaults which could lead to problems

Steffen Kamper steffen at sk-typo3.de
Fri Apr 11 11:38:49 CEST 2008


Hi

This is an SVN patch request.

Type: Bugfix

Bugtracker references:
http://bugs.typo3.org/view.php?id=8090

Branches: 4.2

Problem:
If you set pagetitle to:
Any title <script>alert("bad message");</script>

you can destroy a page because any access to the FE will execute the JavaScript.

Solution:
Patch adds HSC if stdWrap-Array is empty.

vg  Steffen 
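
The escape-by-default behaviour described in the post, as an added PHP example that is not part of the original message and not TYPO3's own code. `applyWrap()` and `renderMenuTitle()` are hypothetical stand-ins that model only the `htmlSpecialChars` and `wrap` properties; the last two calls show that the default only takes effect when the configuration array is empty.

```php
<?php
// Simplified stand-in for a stdWrap-style processor (hypothetical helper,
// not TYPO3 code). Only 'htmlSpecialChars' and 'wrap' are modelled.
function applyWrap(string $value, array $conf): string
{
    if (!empty($conf['htmlSpecialChars'])) {
        // Encode <, >, &, and both quote styles before the value reaches HTML.
        $value = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    if (isset($conf['wrap'])) {
        // 'wrap' uses "before|after" notation around the (already processed) value.
        [$before, $after] = array_pad(explode('|', $conf['wrap'], 2), 2, '');
        $value = $before . $value . $after;
    }
    return $value;
}

// Hypothetical menu-title renderer. $defaultHsc switches between the
// behaviour before the fix (false) and after it (true).
function renderMenuTitle(string $title, array $conf, bool $defaultHsc): string
{
    // The fix from the post: if no wrap configuration was given at all,
    // fall back to HTML-encoding instead of emitting the title raw.
    if ($defaultHsc && count($conf) === 0) {
        $conf = ['htmlSpecialChars' => 1];
    }
    return applyWrap($title, $conf);
}

// Page title taken from the problem description in the post.
$title = 'Any title <script>alert("bad message");</script>';

// 1. Before the fix, empty config: the title is emitted as live markup.
echo renderMenuTitle($title, [], false), "\n";

// 2. After the fix, empty config: the title is emitted as inert text.
echo renderMenuTitle($title, [], true), "\n";

// 3. After the fix, non-empty config without htmlSpecialChars: the default
//    is skipped, so the integrator's config is still responsible for encoding.
echo renderMenuTitle($title, ['wrap' => '<b>|</b>'], true), "\n";

// 4. Non-empty config that sets htmlSpecialChars explicitly: encoded, then wrapped.
echo renderMenuTitle($title, ['wrap' => '<b>|</b>', 'htmlSpecialChars' => 1], true), "\n";
```

Case 3 is the one to audit in existing setups: any menu item with its own wrap configuration needs `htmlSpecialChars` set explicitly, because the empty-array fallback does not cover it.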




