[TYPO3-core] RFC #15227: Bug: class.tslib_content.php returns unfiltered data
Jigal van Hemert
jigal at xs4all.nl
Mon Jul 26 09:55:38 CEST 2010
Roland Schenke wrote:
> In my opinion one could use a regular expression
I'm personally a fan of regular expressions :-)
/^(\d+[%*]?|\*)$/
Will do here.
> the recommendation states that in case of MultiLength the value before
> '*' has to be an integer.
It also says that '*' is equivalent to '1*'...
> and secure Typoscript. Whether this is a critical exploit or not I
> still think it deserves attention.
If you think that this is a security problem, you should not discuss
this on public lists, but report it to the security team:
http://typo3.org/teams/security/contact-us/
--
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
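
An added example (not part of the original message and not TYPO3's own code): filtering an HTML Length/MultiLength value with the whole alternation grouped between the anchors, shown next to the ungrouped form, where `^` and `$` each guard only one branch. The helper name `filterMultiLength`, the constants and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: validate an HTML 4 Length / MultiLength attribute value
// (pixels "120", percentage "50%", relative "3*" or a bare "*").

// Ungrouped: "|" has the lowest precedence, so "^" only guards the first
// branch and "$" only guards the second one.
const UNGROUPED = '/^\d+[%*]?|\*$/';
// Grouped: both anchors apply to the whole alternation. "\z" is used instead
// of "$" so that a trailing newline is not accepted either.
const GROUPED = '/^(?:\d+[%*]?|\*)\z/';

/**
 * Hypothetical helper: return the value if it is a valid MultiLength,
 * otherwise an empty string so nothing unfiltered reaches the output.
 */
function filterMultiLength(string $value): string
{
    $value = trim($value);
    return preg_match(GROUPED, $value) === 1 ? $value : '';
}

// Constructed sample inputs: four valid values, then three that must be rejected.
$samples = ['120', '50%', '3*', '*', '12px', '1" title="x', 'x" y="*'];

foreach ($samples as $s) {
    printf(
        "%-16s ungrouped=%d grouped=%d filtered=%s\n",
        var_export($s, true),
        preg_match(UNGROUPED, $s),
        preg_match(GROUPED, $s),
        var_export(filterMultiLength($s), true)
    );
}
```

The last three samples match the ungrouped pattern (a leading digit or a trailing `*` is enough) but are rejected by the grouped one.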