[BUGFIX] XSS in TYPO3 core when using typolink.parameter JS-Popup Window
Change-Id: Id1cd396d56358519be2b312d39e25b26cf943253
Resolves: #28189
Reviewed-on: http://review.typo3.org/3765
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
mbresch-sf authored and ohader committed Jul 27, 2011
1 parent 42ee290 commit 8ebc512
Showing 2 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion t3lib/class.t3lib_tstemplate.php
@@ -1472,7 +1472,7 @@ function linkData($page, $oTarget, $no_cache, $script, $overrideArray = '', $add
// linkVars
if ($GLOBALS['TSFE']->config['config']['uniqueLinkVars']) {
if ($addParams) {
$LD['linkVars'] = t3lib_div::implodeArrayForUrl('', t3lib_div::explodeUrl2Array($GLOBALS['TSFE']->linkVars . $addParams));
$LD['linkVars'] = t3lib_div::implodeArrayForUrl('', t3lib_div::explodeUrl2Array($GLOBALS['TSFE']->linkVars . $addParams), '', FALSE, TRUE);
} else {
$LD['linkVars'] = $GLOBALS['TSFE']->linkVars;
}
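Review bot: The trailing `'', FALSE, TRUE` on the new implodeArrayForUrl() call in the `$addParams` branch is opaque, and nothing at the call site says that the last flag is the security-relevant one (it makes the helper rawurlencode() parameter names as well as values). A comment above the call, e.g. `// 5th argument TRUE: also rawurlencode() parameter names, which may come from the request`, would keep a later cleanup from dropping it. The `else` branch still assigns `$GLOBALS['TSFE']->linkVars` unchanged, so that path relies on linkVars having been encoded where it is built, which is not visible here and is worth confirming. linkData() starts before and continues after this hunk.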
6 changes: 3 additions & 3 deletions typo3/sysext/cms/tslib/class.tslib_content.php
Expand Up @@ -5902,8 +5902,8 @@ function typoLink($linktxt, $conf) {
$target = '';
}

$onClick = "vHWin=window.open('" . $GLOBALS['TSFE']->baseUrlWrap($finalTagParts['url']) .
"','FEopenLink','" . $JSwindowParams . "');vHWin.focus();return false;";
$onClick = "vHWin=window.open(" . t3lib_div::quoteJSvalue($GLOBALS['TSFE']->baseUrlWrap($finalTagParts['url'])) .
",'FEopenLink','" . $JSwindowParams . "');vHWin.focus();return false;";
$res = '<a href="' . htmlspecialchars($finalTagParts['url']) . '"' .
$target . ' onclick="' . htmlspecialchars($onClick) . '"' .
($title ? ' title="' . $title . '"' : '') .
@@ -6238,7 +6238,7 @@ public function getQueryArguments($conf, $overruleQueryArguments = array(), $for
$newQueryArray = t3lib_div::array_merge_recursive_overrule($newQueryArray, $overruleQueryArguments, TRUE);
}

return t3lib_div::implodeArrayForUrl('', $newQueryArray);
return t3lib_div::implodeArrayForUrl('', $newQueryArray, '', FALSE, TRUE);
}
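Review bot: `$JSwindowParams` is still concatenated raw between single quotes in the new `$onClick` string in typoLink(), so only the first window.open() argument gets JavaScript quoting. How `$JSwindowParams` is assembled is outside the hunk; if any part of it derives from the typolink parameter, it should get the same treatment, e.g. `",'FEopenLink'," . t3lib_div::quoteJSvalue($JSwindowParams) . ");vHWin.focus();return false;";`. Likewise `$title` is written into the `title` attribute without htmlspecialchars() in the visible lines, which is only safe if it was escaped earlier in the function. typoLink() starts and ends outside the hunk.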


