
[SECURITY] Disallow insecure deserialization for l18n_diffsource

Serialized values in l18n_diffsource are vulnerable to insecure
deserialization when being invoked in FormEngine or DataHandler.

Resolves: #88323
Releases: master, 9.5, 8.7
Security-Commit: 3b96ca7d5b35967b4277ed8cd78cdff4e07d709c
Security-Bulletin: TYPO3-CORE-SA-2019-020
Change-Id: Iea90b0604a8f44413005c1d4fd5c876c55c61094
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61139
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
ohader committed Jun 25, 2019
1 parent 802e056 commit 555e0dd2b28f01a2f242dfefc0f344d10de50b2a
@@ -64,7 +64,10 @@ public function addData(array $result)
&& !empty($result['databaseRow'][$result['processedTca']['ctrl']['transOrigDiffSourceField']])
) {
$defaultLanguageKey = $result['tableName'] . ':' . (int)$result['databaseRow']['uid'];
$result['defaultLanguageDiffRow'][$defaultLanguageKey] = unserialize($result['databaseRow'][$result['processedTca']['ctrl']['transOrigDiffSourceField']]);
$result['defaultLanguageDiffRow'][$defaultLanguageKey] = unserialize(
$result['databaseRow'][$result['processedTca']['ctrl']['transOrigDiffSourceField']],
['allowed_classes' => false]
);
}
// Add language overlays from further localizations if requested
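Review bot: The result of the new unserialize() call in addData() is assigned to $result['defaultLanguageDiffRow'][$defaultLanguageKey] without a type check. With ['allowed_classes' => false] a serialized object comes back as __PHP_Incomplete_Class instead of being instantiated, and a malformed string yields false, so a non-array value can still be stored under defaultLanguageDiffRow. Suggest assigning the value only when is_array() holds on the result and using an empty array otherwise.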
@@ -1483,7 +1483,10 @@ public function fillInFieldArray($table, $id, $fieldArray, $incomingFieldArray,
) {
$originalLanguageRecord = $this->recordInfo($table, $currentRecord[$GLOBALS['TCA'][$table]['ctrl']['transOrigPointerField']], '*');
BackendUtility::workspaceOL($table, $originalLanguageRecord);
$originalLanguage_diffStorage = unserialize($currentRecord[$GLOBALS['TCA'][$table]['ctrl']['transOrigDiffSourceField']]);
$originalLanguage_diffStorage = unserialize(
$currentRecord[$GLOBALS['TCA'][$table]['ctrl']['transOrigDiffSourceField']],
['allowed_classes' => false]
);
}
$this->checkValue_currentRecord = $checkValueRecord;
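Review bot: The ['allowed_classes' => false] option is repeated by hand at this second reader of transOrigDiffSourceField in fillInFieldArray(), with no comment explaining why it is required. Suggest a one-line comment on the call stating that the column holds untrusted serialized data, and consider routing both call sites through a single helper so that a later reader of this field cannot omit the option. $originalLanguage_diffStorage is also assigned without a type check; an is_array() guard would cover the false returned for a malformed value.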

0 comments on commit 555e0dd
