[SECURITY] XSS in (old) extension manager information function

Needs to be fixed also in 6.x, but the affected function is not used anymore. Change-Id: If10b0cf25015eada0657aaebc19da3e3364f738a Fixes: #54111 Fixes: #54113 Releases: 6.2, 6.1, 6.0, 4.7, 4.5 Security-Commit: d23f0ccc8960832c184a0e6c5daced98a0b6d096 Security-Bulletin: TYPO3-CORE-SA-2014-001 Reviewed-on: https://review.typo3.org/30306 Reviewed-by: Oliver Hader Tested-by: Oliver Hader

[SECURITY] XSS in (old) extension manager information function
Needs to be fixed also in 6.x, but the affected function is not used anymore. Change-Id: If10b0cf25015eada0657aaebc19da3e3364f738a Fixes: #54111 Fixes: #54113 Releases: 6.2, 6.1, 6.0, 4.7, 4.5 Security-Commit: d23f0ccc8960832c184a0e6c5daced98a0b6d096 Security-Bulletin: TYPO3-CORE-SA-2014-001 Reviewed-on: https://review.typo3.org/30306 Reviewed-by: Oliver Hader Tested-by: Oliver Hader
3858e461 · Nicole Cordes · Oliver Hader · 6c6ae4b6 · 3858e461
Commit 3858e461 authored 10 years ago by Nicole Cordes Committed by Oliver Hader 10 years ago
--- a/typo3/sysext/core/Classes/TypoScript/ConfigurationForm.php
+++ b/typo3/sysext/core/Classes/TypoScript/ConfigurationForm.php
@@ -144,7 +144,7 @@ class ConfigurationForm extends \TYPO3\CMS\Core\TypoScript\ExtendedTemplateServi
 		$content = '';
 		$content .= \TYPO3\CMS\Core\Utility\GeneralUtility::wrapJS('
 			function uFormUrl(aname) {
-				document.' . $this->ext_CEformName . '.action = "' . \TYPO3\CMS\Core\Utility\GeneralUtility::linkThisScript() . '#"+aname;
+				document.' . $this->ext_CEformName . '.action = ' . \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue(\TYPO3\CMS\Core\Utility\GeneralUtility::linkThisScript() . '#') . '+aname;
 			}
 		');
 		if ($addFormTag) {