Index: classes/class.tx_templavoila_div.php
===================================================================
--- classes/class.tx_templavoila_div.php (revision 0)
+++ classes/class.tx_templavoila_div.php (revision 0)
@@ -0,0 +1,119 @@
+
+ */
+final class tx_templavoila_div {
+
+ /**
+ * Wrapper function for checking valid URL for redirect
+ *
+ * @param $url
+ */
+ public static function sanitizeLocalUrl($url = '') {
+ if (t3lib_div::compat_version('4.3')) {
+ return t3lib_div::sanitizeLocalUrl($url);
+ } elseif (t3lib_div::compat_version('4.2') && method_exists('t3lib_div', 'sanitizeLocalUrl')) {
+ return t3lib_div::sanitizeLocalUrl($url);
+ } else {
+ return self::internalSanitizeLocalUrl($url);
+ }
+
+ }
+
+
+ /**
+ * Checks if a given string is a valid frame URL to be loaded in the
+ * backend.
+ *
+ * @param string $url potential URL to check
+ *
+ * @return string either $url if $url is considered to be harmless, or an
+ * empty string otherwise
+ */
+ private static function internalSanitizeLocalUrl($url = '') {
+ $sanitizedUrl = '';
+ $decodedUrl = rawurldecode($url);
+ if (!t3lib_div::compat_version('4.1')) {
+ if ($decodedUrl !== t3lib_div::removeXSS($decodedUrl)) {
+ $decodedUrl = '';
+ }
+ }
+ if (!empty($url) && $decodedUrl !== '') {
+ $testAbsoluteUrl = t3lib_div::resolveBackPath($decodedUrl);
+ $testRelativeUrl = t3lib_div::resolveBackPath(
+ t3lib_div::dirname(t3lib_div::getIndpEnv('SCRIPT_NAME')) . '/' . $decodedUrl
+ );
+
+ // Pass if URL is on the current host:
+ if (t3lib_div::isValidUrl($decodedUrl)) {
+ if (t3lib_div::isOnCurrentHost($decodedUrl) && strpos($decodedUrl, t3lib_div::getIndpEnv('TYPO3_SITE_URL')) === 0) {
+ $sanitizedUrl = $url;
+ }
+ // Pass if URL is an absolute file path:
+ } elseif (t3lib_div::isAbsPath($decodedUrl) && t3lib_div::isAllowedAbsPath($decodedUrl)) {
+ $sanitizedUrl = $url;
+ // Pass if URL is absolute and below TYPO3 base directory:
+ } elseif (strpos($testAbsoluteUrl, t3lib_div::getIndpEnv('TYPO3_SITE_PATH')) === 0 && substr($decodedUrl, 0, 1) === '/') {
+ $sanitizedUrl = $url;
+ // Pass if URL is relative and below TYPO3 base directory:
+ } elseif (strpos($testRelativeUrl, t3lib_div::getIndpEnv('TYPO3_SITE_PATH')) === 0 && substr($decodedUrl, 0, 1) !== '/') {
+ $sanitizedUrl = $url;
+ }
+ }
+
+ if (!empty($url) && empty($sanitizedUrl)) {
+ t3lib_div::sysLog('The URL "' . $url . '" is not considered to be local and was denied.', 'Core', t3lib_div::SYSLOG_SEVERITY_NOTICE);
+ }
+
+ return $sanitizedUrl;
+ }
+
+ /**
+ * Checks if a given string is a Uniform Resource Locator (URL).
+ *
+ * @param string $url: The URL to be validated
+ * @return boolean Whether the given URL is valid
+ */
+ private static function isValidUrl($url) {
+ return (filter_var($url, FILTER_VALIDATE_URL, FILTER_FLAG_SCHEME_REQUIRED) !== false);
+ }
+
+
+ /**
+ * Checks if a given URL matches the host that currently handles this HTTP request.
+ * Scheme, hostname and (optional) port of the given URL are compared.
+ *
+ * @param string $url: URL to compare with the TYPO3 request host
+ * @return boolean Whether the URL matches the TYPO3 request host
+ */
+ private static function isOnCurrentHost($url) {
+ return (stripos($url . '/', t3lib_div::getIndpEnv('TYPO3_REQUEST_HOST') . '/') === 0);
+ }
+
+}
+?>
\ No newline at end of file
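Review bot: The fallback `internalSanitizeLocalUrl` calls `t3lib_div::isValidUrl()` and `t3lib_div::isOnCurrentHost()` on the two lines under `// Pass if URL is on the current host:`, while the private `isValidUrl`/`isOnCurrentHost` defined further down in this class are never called. That fallback only runs on cores where `t3lib_div::sanitizeLocalUrl` is absent, and those two helpers appear to have been added to t3lib_div together with it, so on exactly such a core the check would die with an undefined-method fatal instead of returning an empty string; change the two calls to `self::isValidUrl($decodedUrl)` and `self::isOnCurrentHost($decodedUrl)`. The same question applies to `t3lib_div::isAllowedAbsPath()` and `t3lib_div::resolveBackPath()` on the oldest core the extension claims to support, which I cannot confirm from this file. Separately, the `4.3` and `4.2 && method_exists` branches of `sanitizeLocalUrl` do the same thing and can be collapsed into a single `method_exists('t3lib_div', 'sanitizeLocalUrl')` check, and the trailing `?>` should be dropped from a class-only file.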
Index: cm1/index.php
===================================================================
--- cm1/index.php (revision 28532)
+++ cm1/index.php (working copy)
@@ -89,6 +89,8 @@
require_once (PATH_t3lib.'class.t3lib_scbase.php');
+require_once (t3lib_extMgm::extPath('templavoila') . 'classes/class.tx_templavoila_div.php');
+
require_once (t3lib_extMgm::extPath('templavoila').'cm1/class.tx_templavoila_cm1_dsedit.php');
require_once (t3lib_extMgm::extPath('templavoila').'cm1/class.tx_templavoila_cm1_etypes.php');
@@ -397,7 +399,7 @@
$this->displayTable = t3lib_div::_GP('table');
$this->displayUid = t3lib_div::_GP('uid');
$this->displayPath = t3lib_div::_GP('htmlPath');
- $this->returnUrl = t3lib_div::_GP('returnUrl');
+ $this->returnUrl = tx_templavoila_div::sanitizeLocalUrl(t3lib_div::_GP('returnUrl'));
// GPvars specific to the DS listing/table and mapping features:
$this->_preview = t3lib_div::_GP('_preview');
Index: cm2/index.php
===================================================================
--- cm2/index.php (revision 28532)
+++ cm2/index.php (working copy)
@@ -55,11 +55,11 @@
require_once (PATH_t3lib.'class.t3lib_tcemain.php');
require_once (PATH_t3lib.'class.t3lib_diff.php');
+require_once (t3lib_extMgm::extPath('templavoila') . 'classes/class.tx_templavoila_div.php');
-
/**
* Class for displaying color-marked-up version of FlexForm XML content.
*
@@ -92,7 +92,7 @@
$this->doc->backPath = $BACK_PATH;
$this->doc->docType = 'xhtml_trans';
- $this->returnUrl = t3lib_div::_GP('returnUrl');
+ $this->returnUrl = tx_templavoila_div::sanitizeLocalUrl(t3lib_div::_GP('returnUrl'));
$this->content.=$this->doc->startPage($LANG->getLL('title'));
$this->content.=$this->doc->header($LANG->getLL('title'));
Index: mod2/index.php
===================================================================
--- mod2/index.php (revision 28532)
+++ mod2/index.php (working copy)
@@ -88,9 +88,9 @@
$BE_USER->modAccess($MCONF,1); // This checks permissions and exits if the users has no permission for entry.
+require_once (t3lib_extMgm::extPath('templavoila') . 'classes/class.tx_templavoila_div.php');
-
/**
* Module 'TemplaVoila' for the 'templavoila' extension.
*
@@ -623,7 +623,7 @@
// Links:
$editLink = $lpXML.= 'doc->backPath,'gfx/edit2.gif','width="11" height="12"').' alt="" class="absmiddle" />';
- $dsTitle = ''.htmlspecialchars($dsR['title']).'';
+ $dsTitle = '' . htmlspecialchars($dsR['title']) . '';
if ($this->MOD_SETTINGS['set_details']) {
$XMLinfo = $this->DSdetails($dsR['dataprot']);
@@ -681,7 +681,7 @@
} else { // DS was a file:
// XML file icon:
- $onClick = 'document.location=\'' . $this->doc->backPath . 'file_edit.php?target=' . rawurlencode(PATH_site . $dsR['path']) . '&returnUrl=' . rawurlencode(t3lib_div::getIndpEnv('REQUEST_URI')) . '\';';
+ $onClick = 'document.location=\'' . $this->doc->backPath . 'file_edit.php?target=' . rawurlencode(PATH_site . $dsR['path']) . '&returnUrl=' . rawurlencode(tx_templavoila_div::sanitizeLocalUrl(t3lib_div::getIndpEnv('REQUEST_URI'))) . '\';';
$recordIcon = 'doc->backPath,'gfx/fileicons/xml.gif','width="18" height="16"').' alt="" class="absmiddle" />';
// Preview icon: