[TYPO3-core] FYI: Indexed search SQL injection patch
Ingmar Schlecht
ingmar at typo3.org
Mon Dec 10 21:55:43 CET 2007
Hi guys,

I just committed the following patch to 4.0, 4.1 and trunk.
It fixes a minor security issue with indexed search.

Minor because of these reasons:
- The issue is only exploitable for BE users
- The value is (!) addslashes()'ed - but not within a quoted string

BTW, if anybody has the time to go through the ChangeLog of 4.1.4 and
check what were the important changes to summarize them in the top part
of the release notes at http://wiki.typo3.org/index.php/TYPO3_4.1.4,
that'd be great!

cheers
Ingmar
--
Ingmar Schlecht
TYPO3 Association Active Member
-------------- next part --------------
A non-text attachment was scrubbed...
Name: indexed_search_security.patch
Type: text/x-diff
Size: 1882 bytes
Desc: not available
Url : http://lists.netfielders.de/pipermail/typo3-team-core/attachments/20071210/d603cb69/attachment.patch
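
Why addslashes() gives no protection outside a quoted string, shown as an added example that is not part of the original mail or of the TYPO3 patch. The table `index_demo`, its columns, the three function names and the input value are constructed for illustration, and an in-memory SQLite database via PDO stands in for the real database layer.

```php
<?php
// Added illustration: schema, function names and input are constructed, not TYPO3 code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE index_demo (phash INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO index_demo VALUES (1, 'public page'), (2, 'internal page'), (3, 'draft')");

// Before: the value is escaped, but lands in an unquoted (numeric) position.
function lookupEscapedOnly(PDO $db, string $input): array
{
    // addslashes() only rewrites ', ", \ and NUL; input without them passes through as-is.
    $sql = 'SELECT title FROM index_demo WHERE phash = ' . addslashes($input);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After, option 1: force the value to an integer before it reaches the SQL string.
function lookupIntCast(PDO $db, string $input): array
{
    $sql = 'SELECT title FROM index_demo WHERE phash = ' . intval($input);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After, option 2: bound parameter, so the value is never parsed as SQL text.
function lookupBound(PDO $db, string $input): array
{
    $stmt = $db->prepare('SELECT title FROM index_demo WHERE phash = :phash');
    $stmt->bindValue(':phash', (int)$input, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: contains no quote characters, so there is nothing to escape.
$constructed = '2 OR 1=1';

printf("unchanged by addslashes(): %s\n", var_export(addslashes($constructed) === $constructed, true));
printf("escaped only: %d row(s)\n", count(lookupEscapedOnly($db, $constructed)));
printf("intval():     %d row(s)\n", count(lookupIntCast($db, $constructed)));
printf("bound param:  %d row(s)\n", count(lookupBound($db, $constructed)));
```

The escaped-only query returns every row in the table, while both hardened variants return only the single row whose `phash` is 2.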