Project

General

Profile

Bug #5030

Dokumentation: Code-Beispiel enthält Sicherheitsproblem

Added by Nicola Chiapolini over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
High
Assignee:
Target version:
Start date:
30.11.2017
Due date:
% Done:

0%

Estimated time:
Discuss:

Description

https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/Manual.html#person-search-form

Die Sanitizer in den Variablen ist falsch (all statt alnumx).

Im Bereich HTML erlaubt das Cross-Site Scripting.

Suche zum Beispiel nach:
'><h1>Hallo Welt</h1><br style='

SQL Injection scheint dank dem Default Escape blockiert, wäre sonst aber wohl auch möglich.

Associated revisions

Revision bd12dc86 (diff)
Added by Carsten Rose over 2 years ago

#5030, Manual.rst: Fixed example with XSS vulnerability.

History

#1 Updated by Nicola Chiapolini over 2 years ago

  • Tracker changed from Support to Bug

#2 Updated by Carsten Rose over 2 years ago

  • Status changed from New to Closed

Hallo Nicola

vielen Dank, ist in der naechsten Version gefixt.

CU
Carsten

#3 Updated by Carsten Rose over 2 years ago

  • Assignee set to Carsten Rose
  • Target version set to next

#4 Updated by Carsten Rose over 2 years ago

  • Target version changed from next to 18.4

Also available in: Atom PDF