[TYPO3-shop] Is there any input validation?
Franz Holzinger
franz at fholzinger.com
Tue Jan 16 17:06:02 CET 2007
Hello
>
> XSS entries are however not filtered out:
> If you enter this:
> <script alert("Hello, XSS");></script>
> Then it will remain.
This can be fixed manually:
http://svn.sourceforge.net/viewvc/typo3xdev/tx_ttproducts/trunk/lib/class.tx_ttproducts_address.php?r1=4051&r2=4625
// Tags that may remain in the address fields; every other tag is stripped.
$allowedTags = '<br><a><b><td><tr><div>';
foreach ($this->infoArray as $type => $infoRowArray) {
    if (is_array($infoRowArray)) {
        foreach ($infoRowArray as $k => $infoRow) {
            $this->infoArray[$type][$k] = strip_tags ($infoRow, $allowedTags);
        }
    } else {
        $this->infoArray[$type] = strip_tags ($infoRowArray, $allowedTags);
    }
}
This comes into tt_products >= 2.5.2
- Franz
More information about the TYPO3-project-tt-products
mailing list
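
Added example, not part of the original post and not tt_products code: it runs the allow-list filter from the message over constructed input to show that strip_tags() removes tags outside the list but leaves attributes on allowed tags untouched, and places escaping at output time beside it. The function names and sample values are hypothetical.

```php
<?php
// Added illustration; function names and sample data are hypothetical,
// not taken from tt_products.

$allowedTags = '<br><a><b><td><tr><div>';

// The approach from the post, generalized to nested arrays:
// strip every tag that is not on the allow-list.
function stripInfoArray(array $infoArray, string $allowedTags): array
{
    foreach ($infoArray as $type => $row) {
        $infoArray[$type] = is_array($row)
            ? stripInfoArray($row, $allowedTags)
            : strip_tags((string) $row, $allowedTags);
    }
    return $infoArray;
}

// Alternative: store the input as entered and escape it when rendering,
// so no markup from the user is interpreted by the browser.
function escapeInfoArray(array $infoArray): array
{
    foreach ($infoArray as $type => $row) {
        $infoArray[$type] = is_array($row)
            ? escapeInfoArray($row)
            : htmlspecialchars((string) $row, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return $infoArray;
}

// Constructed sample input.
$infoArray = [
    'billing' => [
        'name'    => '<script>alert("Hello, XSS");</script>Franz',
        'address' => '<div onmouseover="alert(1)">Main Street 1</div>',
    ],
    'delivery' => '<b>same as billing</b>',
];

$stripped = stripInfoArray($infoArray, $allowedTags);
$escaped  = escapeInfoArray($infoArray);

// The <script> tag is removed, but the event-handler attribute on the
// allowed <div> is still present after strip_tags().
var_dump(strpos($stripped['billing']['name'], '<script') === false);
var_dump(strpos($stripped['billing']['address'], 'onmouseover') !== false);

// After escaping, no raw '<' is left in the value to be rendered.
var_dump(strpos($escaped['billing']['address'], '<') === false);
```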