[SECURITY] Fix GeneralUtility::sanitizeLocalUrl to detect foreign schemes
This patch adds a check to be able to recognize arbitrary schemes which have to be skipped. Furthermore a missing sanitation is added to TYPO3\CMS\Backend\Controller\ContentElement\ElementInformationController Resolves: #68825 Releases: master, 6.2 Security-Commit: de692804837ad0ddfdff194571dc8c786c717576 Security-Bulletin: TYPO3-CORE-SA-2015-009 Change-Id: Iddd54d241776a47f634c9ac2540e6a2e31801da7 Reviewed-on: http://review.typo3.org/43122 Reviewed-by:Oliver Hader <oliver.hader@typo3.org> Tested-by:
Showing
- typo3/sysext/backend/Classes/Controller/ContentElement/ElementInformationController.php 1 addition, 1 deletion...ontroller/ContentElement/ElementInformationController.php
- typo3/sysext/core/Classes/Utility/GeneralUtility.php 2 additions, 1 deletiontypo3/sysext/core/Classes/Utility/GeneralUtility.php
- typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php 2 additions, 1 deletiontypo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php
Please register or sign in to comment