From b167bb90aab862540fdb8172376acebaab5af226 Mon Sep 17 00:00:00 2001
From: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Date: Tue, 25 Nov 2014 17:18:51 +0100
Subject: [PATCH] [BUGFIX] Add missing htmlspecialchars() or quoteJSvalue()
Change-Id: I6c088a2e5b9f870bacc7d4e425d56698baad19fb
Resolves: #63321
Releases: master, 6.2
Reviewed-on: http://review.typo3.org/34603
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Markus Klein <klein.t3@reelworx.at>
---
 .../File/CreateFolderController.php | 2 +-
 .../Classes/Report/InstallStatusReport.php | 2 +-
 .../Classes/RecordList/DatabaseRecordList.php | 28 +++++++++----------
 .../Report/Status/ConfigurationStatus.php | 2 +-
 .../Classes/Report/Status/SecurityStatus.php | 4 +--
 .../Controller/SetupModuleController.php | 2 +-
 .../sysext/sys_action/Classes/ActionTask.php | 7 +++--
 .../Controller/VersionModuleController.php | 2 +-
 8 files changed, 25 insertions(+), 24 deletions(-)
diff --git a/typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php b/typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php
index c94ede819128..af1d5c0b7f96 100644
--- a/typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php
+++ b/typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php
@@ -123,7 +123,7 @@ class CreateFolderController {
 function reload(a) { //
 if (!changed || (changed && confirm(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.redraw')) . '))) {
 var params = "&target="+encodeURIComponent(path)+"&number="+a+"&returnUrl=' . rawurlencode($this->returnUrl) . '";
- window.location.href = "' . BackendUtility::getModuleUrl('file_newfolder') . '"+params;
+ window.location.href = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('file_newfolder')) . '+params;
 }
 }
 function backToList() { //
diff --git a/typo3/sysext/install/Classes/Report/InstallStatusReport.php b/typo3/sysext/install/Classes/Report/InstallStatusReport.php
index 60516762a6bc..14f9784be471 100644
--- a/typo3/sysext/install/Classes/Report/InstallStatusReport.php
+++ b/typo3/sysext/install/Classes/Report/InstallStatusReport.php
@@ -127,7 +127,7 @@ class InstallStatusReport implements \TYPO3\CMS\Reports\StatusProviderInterface
 $value = $GLOBALS['LANG']->getLL('status_updateIncomplete');
 $severity = \TYPO3\CMS\Reports\Status::WARNING;
 $url = BackendUtility::getModuleUrl('system_InstallInstall');
- $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.install_update'), '<a href="' . $url . '">', '</a>');
+ $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.install_update'), '<a href="' . htmlspecialchars($url) . '">', '</a>');
 }
 return \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Reports\Status::class, $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_remainingUpdates'), $value, $message, $severity);
 }
diff --git a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
index aebe43774c5f..d0630f563667 100644
--- a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
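Review bot: The new `window.location.href = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('file_newfolder')) . '+params;` line only covers the module URL; the `params` string built on the context line above still feeds `$this->returnUrl` into the same redirect, and whether that value was passed through `GeneralUtility::sanitizeLocalUrl()` before being stored is not visible here, since `reload()` is part of a larger script string whose PHP method starts outside the hunk. `rawurlencode()` keeps the value safe as a JS string and as a query parameter, but it does not stop an absolute URL from becoming the redirect target later on. A short comment on the `var params` line, `// returnUrl is sanitized where it is assigned — confirm`, or a `sanitizeLocalUrl()` call at that assignment site, would close the question for the next reader.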
+++ b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php 
@@ -1186,25 +1186,25 @@ class DatabaseRecordList extends AbstractDatabaseRecordList {
 }
 // "Move" wizard link for pages/tt_content elements:
 if ($table == 'tt_content' && $permsEdit || $table == 'pages') {
- $onClick = htmlspecialchars('return jumpExt(\'' . $this->backPath . 'move_el.php?table=' . $table . '&uid=' . $row['uid'] . '\');');
+ $onClick = 'return jumpExt(\'' . $this->backPath . 'move_el.php?table=' . $table . '&uid=' . $row['uid'] . '\');';
 $linkTitleLL = $GLOBALS['LANG']->getLL('move_' . ($table === 'tt_content' ? 'record' : 'page'), TRUE);
 $spriteIcon = $table === 'tt_content' ? IconUtility::getSpriteIcon('actions-document-move') : IconUtility::getSpriteIcon('actions-page-move');
- $cells['move'] = '<a class="btn" href="#" onclick="' . $onClick . '" title="' . $linkTitleLL . '">' . $spriteIcon . '</a>';
+ $cells['move'] = '<a class="btn" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $linkTitleLL . '">' . $spriteIcon . '</a>';
 }
 // If the extended control panel is enabled OR if we are seeing a single table:
 if ($GLOBALS['SOBE']->MOD_SETTINGS['bigControlPanel'] || $this->table) {
 // "Info": (All records)
- $onClick = htmlspecialchars(('top.launchView(\'' . $table . '\', \'' . $row['uid'] . '\'); return false;'));
- $cells['viewBig'] = '<a class="btn" href="#" onclick="' . $onClick . '" title="' . $GLOBALS['LANG']->getLL('showInfo', TRUE) . '">'
+ $onClick = 'top.launchView(\'' . $table . '\', \'' . $row['uid'] . '\'); return false;';
+ $cells['viewBig'] = '<a class="btn" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $GLOBALS['LANG']->getLL('showInfo', TRUE) . '">'
 . IconUtility::getSpriteIcon('actions-document-info') . '</a>';
 // If the table is NOT a read-only table, then show these links:
 if (!$GLOBALS['TCA'][$table]['ctrl']['readOnly']) {
 // "Revert" link (history/undo)
 $moduleUrl = BackendUtility::getModuleUrl('record_history', array('element' => $table . ':' .
$row['uid']));
- $onClick = htmlspecialchars('return jumpExt(' . GeneralUtility::quoteJSvalue($this->backPath . $moduleUrl) . ',\'#latest\');');
- $cells['history'] = '<a class="btn" href="#" onclick="' . $onClick . '" title="'
+ $onClick = 'return jumpExt(' . GeneralUtility::quoteJSvalue($this->backPath . $moduleUrl) . ',\'#latest\');';
+ $cells['history'] = '<a class="btn" href="#" onclick="' . htmlspecialchars($onClick) . '" title="'
 . $GLOBALS['LANG']->getLL('history', TRUE) . '">'
 . IconUtility::getSpriteIcon('actions-document-history-open') . '</a>';
 // Versioning:
@@ -1216,18 +1216,18 @@ class DatabaseRecordList extends AbstractDatabaseRecordList {
 if (count($vers) > 1) {
 $versionIcon = count($vers) - 1;
 }
- $href = htmlspecialchars($this->backPath . BackendUtility::getModuleUrl('web_txversionM1', array(
+ $href = $this->backPath . BackendUtility::getModuleUrl('web_txversionM1', array(
 'table' => $table, 'uid' => $row['uid']
- )));
- $cells['version'] = '<a class="btn" href="' . $href . '" title="'
+ ));
+ $cells['version'] = '<a class="btn" href="' . htmlspecialchars($href) . '" title="'
 . $GLOBALS['LANG']->getLL('displayVersions', TRUE) . '">'
 . IconUtility::getSpriteIcon(('status-version-' . $versionIcon)) . '</a>';
 }
 }
 // "Edit Perms" link:
 if ($table === 'pages' && $GLOBALS['BE_USER']->check('modules', 'system_BeuserTxPermission') && ExtensionManagementUtility::isLoaded('beuser')) {
- $href = htmlspecialchars((BackendUtility::getModuleUrl('system_BeuserTxPermission') . '&id=' . $row['uid'] . '&return_id=' . $row['uid'] . '&edit=1'));
- $cells['perms'] = '<a class="btn" href="' . $href . '" title="'
+ $href = BackendUtility::getModuleUrl('system_BeuserTxPermission') . '&id=' . $row['uid'] . '&return_id=' . $row['uid'] . '&edit=1';
+ $cells['perms'] = '<a class="btn" href="' . htmlspecialchars($href) . '" title="'
 . $GLOBALS['LANG']->getLL('permissions', TRUE) . '">'
 . IconUtility::getSpriteIcon('status-status-locked') . '</a>';
 }
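Review bot: The `move` and `viewBig` onclick strings in this hunk still splice `$table` and `$row['uid']` into hand-quoted JS literals (`\'' . $table . '\'`) and rely on `htmlspecialchars($onClick)` afterwards; without `ENT_QUOTES` (the PHP 5 default) `htmlspecialchars()` leaves single quotes untouched, so the encoding only holds because `$table` is a TCA key and `$row['uid']` is presumably an integer. The `history` line a few lines further down already shows the safer shape, handing the value to `GeneralUtility::quoteJSvalue()` and letting it produce the quoted literal. Applying that to the other two keeps all three consistent: `$onClick = 'return jumpExt(' . GeneralUtility::quoteJSvalue($this->backPath . 'move_el.php?table=' . $table . '&uid=' . $row['uid']) . ');';` and `$onClick = 'top.launchView(' . GeneralUtility::quoteJSvalue($table) . ', ' . GeneralUtility::quoteJSvalue($row['uid']) . '); return false;';`. The `delete` link in the `@@ -1311` hunk builds its `jumpToUrl(\'...\')` argument the same way and would take the same treatment; the enclosing method starts and ends outside these hunks.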
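Review bot: The `perms` link assembles its query string by hand, `'&id=' . $row['uid'] . '&return_id=' . $row['uid'] . '&edit=1'`, while the `version` link a few lines above passes its parameters as the array argument of `BackendUtility::getModuleUrl()` and lets that helper own the encoding. Using the same form here, `$href = BackendUtility::getModuleUrl('system_BeuserTxPermission', array('id' => $row['uid'], 'return_id' => $row['uid'], 'edit' => 1));`, removes one place where raw values are concatenated into a URL before `htmlspecialchars()` sees the result. The `&id=0&SET[function]=refindex` suffix in the ConfigurationStatus hunk and the `&storeControl[...]` suffix in the ActionTask hunk are built the same way; whether `getModuleUrl()` encodes nested `SET[...]` keys is not shown on this page, so that needs checking before converting those two.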
@@ -1311,12 +1311,12 @@ class DatabaseRecordList extends AbstractDatabaseRecordList {
 );
 $params = '&cmd[' . $table . '][' . $row['uid'] . '][delete]=1';
- $onClick = htmlspecialchars('if (confirm(' . $warningText . ')) {jumpToUrl(\''
- . $GLOBALS['SOBE']->doc->issueCommand($params, -1) . '\');} return false;');
+ $onClick = 'if (confirm(' . $warningText . ')) {jumpToUrl(\''
+ . $GLOBALS['SOBE']->doc->issueCommand($params, -1) . '\');} return false;';
 $icon = IconUtility::getSpriteIcon('actions-edit-' . $actionName);
 $linkTitle = $GLOBALS['LANG']->getLL($actionName, TRUE);
- $cells['delete'] = '<a class="btn" href="#" onclick="' . $onClick . '" title="' . $linkTitle . '">' . $icon . '</a>';
+ $cells['delete'] = '<a class="btn" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $linkTitle . '">' . $icon . '</a>';
 }
 // "Levels" links: Moving pages into new levels...
 if ($permsEdit && $table == 'pages' && !$this->searchLevels) {
diff --git a/typo3/sysext/reports/Classes/Report/Status/ConfigurationStatus.php b/typo3/sysext/reports/Classes/Report/Status/ConfigurationStatus.php
index 15386d6cfba2..94b551ccfde8 100644
--- a/typo3/sysext/reports/Classes/Report/Status/ConfigurationStatus.php
+++ b/typo3/sysext/reports/Classes/Report/Status/ConfigurationStatus.php
@@ -81,7 +81,7 @@ class ConfigurationStatus implements \TYPO3\CMS\Reports\StatusProviderInterface
 $value = $GLOBALS['LANG']->getLL('status_empty');
 $severity = \TYPO3\CMS\Reports\Status::WARNING;
 $url = \TYPO3\CMS\Backend\Utility\BackendUtility::getModuleUrl('system_dbint') . '&id=0&SET[function]=refindex';
- $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.backend_reference_index'), '<a href="' . $url . '">', '</a>', \TYPO3\CMS\Backend\Utility\BackendUtility::dateTime($lastRefIndexUpdate));
+ $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.backend_reference_index'), '<a href="' . htmlspecialchars($url) . '">', '</a>', \TYPO3\CMS\Backend\Utility\BackendUtility::dateTime($lastRefIndexUpdate));
 }
 return GeneralUtility::makeInstance(\TYPO3\CMS\Reports\Status::class, $GLOBALS['LANG']->getLL('status_referenceIndex'), $value, $message, $severity);
 }
diff --git a/typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php b/typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php
index 905be5348f0f..6ce6e41f4cd3 100644
--- a/typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php
+++ b/typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php
@@ -78,7 +78,7 @@ class SecurityStatus implements \TYPO3\CMS\Reports\StatusProviderInterface {
 $editUserAccountUrl = 'alt_doc.php?returnUrl=' . rawurlencode(BackendUtility::getModuleUrl('system_ReportsTxreportsm1')) . '&edit[be_users][' . $row['uid'] . ']=edit';
 $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.backend_admin'),
- '<a href="' . $editUserAccountUrl . '">', '</a>');
+ '<a href="' . htmlspecialchars($editUserAccountUrl) . '">', '</a>');
 }
 }
 $GLOBALS['TYPO3_DB']->sql_free_result($res);
@@ -201,7 +201,7 @@ class SecurityStatus implements \TYPO3\CMS\Reports\StatusProviderInterface {
 $severity = \TYPO3\CMS\Reports\Status::ERROR;
 $changeInstallToolPasswordUrl = BackendUtility::getModuleUrl('system_InstallInstall');
 $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.installtool_default_password'),
- '<a href="' . $changeInstallToolPasswordUrl . '">', '</a>');
+ '<a href="' . htmlspecialchars($changeInstallToolPasswordUrl) . '">', '</a>');
 }
 return GeneralUtility::makeInstance(\TYPO3\CMS\Reports\Status::class, $GLOBALS['LANG']->getLL('status_installToolPassword'), $value, $message, $severity);
diff --git a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php
index e99e8485b8c0..e4812646af2a 100644
--- a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php
+++ b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php
@@ -679,7 +679,7 @@ class SetupModuleController {
 }
 }
 if (count($opt)) {
- $this->simulateSelector = '<select id="field_simulate" name="simulateUser" onchange="window.location.href=\'' . BackendUtility::getModuleUrl('user_setup') . '&simUser=\'+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
+ $this->simulateSelector = '<select id="field_simulate" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
 }
 }
 // This can only be set if the previous code was executed.
diff --git a/typo3/sysext/sys_action/Classes/ActionTask.php b/typo3/sysext/sys_action/Classes/ActionTask.php
index adf3b1d926f7..55d0910473d5 100644
--- a/typo3/sysext/sys_action/Classes/ActionTask.php
+++ b/typo3/sysext/sys_action/Classes/ActionTask.php
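Review bot: The quoted module URL in the SetupModuleController hunk now sits inside a double-quoted `onchange="..."` attribute with no `htmlspecialchars()` around it, so the new line is only correct if `GeneralUtility::quoteJSvalue()` itself hex-encodes `&`, `"`, `<` and `>` rather than merely wrapping the value in single quotes; the CreateFolderController hunk, by contrast, uses it inside a `<script>` body where that distinction does not arise. I believe the 6.2 implementation JSON-encodes with the `JSON_HEX_*` flags, which would make the output attribute-safe, but that is not visible on this page. If it does, a short comment would spare the next reader the lookup: `// quoteJSvalue() hex-encodes &, quotes and angle brackets, so the literal is attribute-safe without htmlspecialchars()`. If it does not, the whole `window.location.href=...` expression needs `htmlspecialchars()` before being placed in the attribute.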
@@ -718,9 +718,10 @@ class ActionTask implements \TYPO3\CMS\Taskcenter\TaskInterface {
 $actionContent .= '<hr /> ' . $fullsearch->tableWrap($sql_query['qSelect']);
 }
 $actionContent .= '<br /><a title="' . $GLOBALS['LANG']->getLL('action_editQuery') . '" href="'
- . BackendUtility::getModuleUrl('system_dbint')
- . '&id=' . '&SET[function]=search' . '&SET[search]=query'
- . '&storeControl[STORE]=-' . $record['uid'] . '&storeControl[LOAD]=1' . '">
+ . htmlspecialchars(BackendUtility::getModuleUrl('system_dbint')
+ . '&id=' . '&SET[function]=search' . '&SET[search]=query'
+ . '&storeControl[STORE]=-' . $record['uid'] . '&storeControl[LOAD]=1')
+ . '">
 <img class="icon"' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/edit2.gif') . ' alt="" />'
 . $GLOBALS['LANG']->getLL(($queryIsEmpty ? 'action_createQuery' : 'action_editQuery')) . '</a><br /><br />';
diff --git a/typo3/sysext/version/Classes/Controller/VersionModuleController.php b/typo3/sysext/version/Classes/Controller/VersionModuleController.php
index ba79c40b9dd6..b88eb73c7ca0 100644
--- a/typo3/sysext/version/Classes/Controller/VersionModuleController.php
+++ b/typo3/sysext/version/Classes/Controller/VersionModuleController.php
@@ -424,7 +424,7 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass
 <td>' . $this->adminLinks($tN, $subrow) . '</td>
 <td>' . $subrow['uid'] . '</td>
 ' . ($ownVer > 1 ? '<td style="font-weight: bold; background-color: yellow;"><a href="' .
- BackendUtility::getModuleUrl('web_txversionM1', array('table' => $tN, 'uid' => $subrow['uid'])) .
+ htmlspecialchars(BackendUtility::getModuleUrl('web_txversionM1', array('table' => $tN, 'uid' => $subrow['uid']))) .
 '">' . ($ownVer - 1) . '</a></td>' : '<td></td>') . '
 <td width="98%">' . BackendUtility::getRecordTitle($tN, $subrow, TRUE) . '</td>
 </tr>';
-- GitLab
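Review bot: The `title="' . $GLOBALS['LANG']->getLL('action_editQuery') . '"` attribute on the first line of the changed statement in the ActionTask hunk is still emitted unescaped, while the DatabaseRecordList hunks in this same patch consistently pass `TRUE` as the second `getLL()` argument for title attributes; the label comes from translation files so the exposure is low, but leaving it out one line above a fix for the `href` of the same element is inconsistent. Changing it to `getLL('action_editQuery', TRUE)` aligns it with the rest of the patch. Separately, `$record['uid']` is concatenated into the `storeControl[STORE]=-` parameter as-is; `'&storeControl[STORE]=-' . (int)$record['uid']` makes the integer assumption explicit before the value reaches `htmlspecialchars()`. The `$actionContent` assignment is a multi-line string whose enclosing method starts and ends outside the hunk.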