[SECURITY] Stored XSS in shortcut functionality

Resolves: #73449 Releases: 6.2 Security-Commit: c4df50a433362c2a3976f40bcbc5be82d4cb3cb6 Security-Bulletins: TYPO3-CORE-SA-2016-005, 006, 007, 008 Change-Id: I7881425226a6a23b9acf6a1870b82c4dcf0fee93 Reviewed-on: https://review.typo3.org/46828 Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org>

[SECURITY] Stored XSS in shortcut functionality
Resolves: #73449 Releases: 6.2 Security-Commit: c4df50a433362c2a3976f40bcbc5be82d4cb3cb6 Security-Bulletins: TYPO3-CORE-SA-2016-005, 006, 007, 008 Change-Id: I7881425226a6a23b9acf6a1870b82c4dcf0fee93 Reviewed-on: https://review.typo3.org/46828 Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org>
f0716534 · Wouter Wolters · Oliver Hader · 844369e9 · f0716534
Commit f0716534 authored 9 years ago by Wouter Wolters Committed by Oliver Hader 9 years ago
--- a/typo3/sysext/backend/Classes/Toolbar/ShortcutToolbarItem.php
+++ b/typo3/sysext/backend/Classes/Toolbar/ShortcutToolbarItem.php
@@ -300,7 +300,7 @@ class ShortcutToolbarItem implements \TYPO3\CMS\Backend\Toolbar\ToolbarItemHookI
 			$shortcut['group'] = $shortcutGroup;
 			$shortcut['icon'] = $this->getShortcutIcon($row, $shortcut);
 			$shortcut['iconTitle'] = $this->getShortcutIconTitle($shortcut['label'], $row['module_name'], $row['M_module_name']);
-			$shortcut['action'] = 'jump(unescape(\'' . rawurlencode($this->getTokenUrl($row['url'])) . '\'),\'' . $moduleName . '\',\'' . $moduleParts[0] . '\', ' . (int)$pageId . ');';
+			$shortcut['action'] = 'jump(' . GeneralUtility::quoteJSvalue($this->getTokenUrl($row['url'])) . ',' . GeneralUtility::quoteJSvalue($moduleName) . ',' . GeneralUtility::quoteJSvalue($moduleParts[0]) . ', ' . (int)$pageId . ');';

 			$shortcuts[] = $shortcut;
 		}