[TYPO3-core] RFC #15227: Bug: class.tslib_content.php returns unfiltered data
Roland Schenke
rs at kruselenz.com
Sun Jul 25 17:03:32 CEST 2010
Hi
This is an SVN patch request.
Type: Bugfix
Bugtracker references:
http://bugs.typo3.org/view.php?id=15227
Branches:
TYPO3_4-4 & trunk
Problem:
In function class.tslib_content.php::MULTIMEDIA() one has the ability to specify height and width parameters for such objects via TypoScript.
In lines 2632, 2633 and 2639, 2640 these values are assigned unfiltered to HTML attributes which are part of the <embed> tag that is used to embed the defined object, like movies, Flash applications or Java class files.
Solution:
Apply intval(), as integer seems to be the desired data type.
Notes:
This exploit might be trivial but I'm quite sure it is not intended nor expected.
The following patch should remove this as it seems that integer is the desired data type.
Have a great day.
Roland
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 15227.diff
Type: application/octet-stream
Size: 1414 bytes
Desc: not available
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20100725/6d0444c3/attachment.obj>
-------------- next part --------------
--
Mit freundlichen Grüßen / Best regards
Roland Schenke
Research and Development
K & L Internet Service
Kruse & Lenz GbR - Vrestorfer Weg 5 - 21339 Lüneburg
Phone : 0176 / 46534665
E-Mail : info at kruselenz.com
Web : www.kruselenz.com
*** Websites * CMS * Web shops * Hosting * Graphics ***
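The following is an added illustrative example, not the author's attached 15227.diff and not TYPO3's actual class.tslib_content.php code. It models the pattern the report describes: width and height values taken from a TypoScript configuration array and written straight into <embed> attributes, next to a version that coerces them with intval() as the report proposes. The function names, the shape of the $conf array and the hostile sample value are assumptions made for the demonstration.

```php
<?php
// Added example (not TYPO3 code): attribute injection through unfiltered
// width/height values, and the intval() fix proposed in the report.

/**
 * Vulnerable variant: $conf['width'] and $conf['height'] are interpolated
 * verbatim into the tag, so a value containing a double quote breaks out
 * of the attribute and can add arbitrary attributes to the <embed> tag.
 * (Hypothetical function; mirrors the reported pattern, not real code.)
 */
function buildEmbedUnfiltered(array $conf, string $src): string
{
    return '<embed src="' . htmlspecialchars($src, ENT_QUOTES) . '"'
        . ' width="' . $conf['width'] . '"'
        . ' height="' . $conf['height'] . '"'
        . ' type="application/x-shockwave-flash"></embed>';
}

/**
 * Fixed variant: both values are forced to integers before use. An integer
 * cannot contain quotes, angle brackets or whitespace, so nothing can escape
 * the attribute. Non-numeric input becomes 0; a leading number is kept
 * (intval("300px") === 300), which matches "integer is the desired type".
 */
function buildEmbedFiltered(array $conf, string $src): string
{
    $width  = intval($conf['width'] ?? 0);
    $height = intval($conf['height'] ?? 0);

    return '<embed src="' . htmlspecialchars($src, ENT_QUOTES) . '"'
        . ' width="' . $width . '"'
        . ' height="' . $height . '"'
        . ' type="application/x-shockwave-flash"></embed>';
}

/**
 * Stricter hardened variant (goes one step beyond the report): treat only
 * positive dimensions as valid and omit the attribute otherwise, so a
 * misconfiguration does not silently produce width="0".
 */
function buildEmbedStrict(array $conf, string $src): string
{
    $attrs = '';
    foreach (['width', 'height'] as $name) {
        $value = intval($conf[$name] ?? 0);
        if ($value > 0) {
            $attrs .= ' ' . $name . '="' . $value . '"';
        }
    }
    return '<embed src="' . htmlspecialchars($src, ENT_QUOTES) . '"'
        . $attrs . ' type="application/x-shockwave-flash"></embed>';
}

// Constructed hostile configuration: the width value closes its attribute
// and injects an event handler. Assumed to arrive via TypoScript.
$hostile = [
    'width'  => '300" onmouseover="alert(document.cookie)',
    'height' => '200',
];

// Unfiltered: the injected onmouseover attribute survives into the markup.
echo buildEmbedUnfiltered($hostile, 'movie.swf'), PHP_EOL;

// Filtered: intval() reduces the payload to 300, the handler is gone.
echo buildEmbedFiltered($hostile, 'movie.swf'), PHP_EOL;

// Strict: same result here; a value such as "abc" would drop the attribute.
echo buildEmbedStrict(['width' => 'abc', 'height' => '200'], 'movie.swf'), PHP_EOL;
```

Note that intval() is sufficient here only because the attribute is meant to hold an integer. For attributes that legitimately take arbitrary strings, the equivalent fix is htmlspecialchars() with ENT_QUOTES at the point of output, not a type cast.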