Project

General

Profile

Actions
Copy link

Bug #5030

closed

Dokumentation: Code-Beispiel enthält Sicherheitsproblem

Added by Nicola Chiapolini over 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
High
Assignee:
Carsten Rose
Target version:
18.4
Start date:
30.11.2017
Due date:
% Done:

0%

Estimated time:
Discuss:
Prio Planung:
Vote:

Description

https://docs.typo3.org/typo3cms/drafts/github/T3DocumentationStarter/Public-Info-053/Manual.html#person-search-form

Die Sanitizer in den Variablen ist falsch (all statt alnumx).

Im Bereich HTML erlaubt das Cross-Site Scripting.

Suche zum Beispiel nach:
'><h1>Hallo Welt</h1><br style='

SQL Injection scheint dank dem Default Escape blockiert, wäre sonst aber wohl auch möglich.

Actions
Copy link
 #1

Updated by Nicola Chiapolini over 6 years ago

  • Tracker changed from Support to Bug
Actions
Copy link
 #2

Updated by Carsten Rose about 6 years ago

  • Status changed from New to Closed

Hallo Nicola

vielen Dank, ist in der naechsten Version gefixt.

CU
Carsten

Actions
Copy link
 #3

Updated by Carsten Rose about 6 years ago

  • Assignee set to Carsten Rose
  • Target version set to 55
Actions
Copy link
 #4

Updated by Carsten Rose almost 6 years ago

  • Target version changed from 55 to 18.4
Actions
Copy link

Also available in: Atom PDF