From 9bb2fe60d8938048c9049e2d660c0ae8409b21d4 Mon Sep 17 00:00:00 2001
From: Oliver Hader
Date: Thu, 16 Dec 2010 13:37:18 +0000
Subject: [PATCH] Fixed bug #14402: XSS in Install tool (thanks to Benjamin Mack)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-4@9770 709f56b5-9817-0410-a4d7-c38de5d9e867
---
ChangeLog | 4 ++
typo3/sysext/install/mod/class.tx_install.php | 64 +++++++++----------
.../class.tx_coreupdates_compatversion.php | 4 +-
3 files changed, 38 insertions(+), 34 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 33386cd9d7a6..aac1e9527ba9 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-12-16 Oliver Hader
+
+ * Fixed bug #14402: XSS in Install tool (thanks to Benjamin Mack)
+
 2010-12-07 Christian Kuhn
 * Fixed bug #16696: [Caching framework] unit tests: Fatal error in t3lib_cache_backend_dbbackendTest due to call to undefined method
diff --git a/typo3/sysext/install/mod/class.tx_install.php b/typo3/sysext/install/mod/class.tx_install.php
index e0d11a7151fd..693b0820d30a 100755
--- a/typo3/sysext/install/mod/class.tx_install.php
+++ b/typo3/sysext/install/mod/class.tx_install.php
@@ -912,8 +912,8 @@ function stepOutput() {
 There is no connection to the database!
- (Username: ' . TYPO3_db_username . ',
- Host: ' . TYPO3_db_host . ',
+ (Username: ' . htmlspecialchars(TYPO3_db_username) . ',
+ Host: ' . htmlspecialchars(TYPO3_db_host) . ',
 Using Password: YES)
Go to Step 1 and enter a valid username and password!
@@ -922,7 +922,7 @@ function stepOutput() {
 $error_missingDB = '
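Review bot: Escaping is applied one output site at a time here, so any concatenation of TYPO3_db_username, TYPO3_db_host or TYPO3_db into markup elsewhere in class.tx_install.php that this patch does not touch stays unescaped; a search for remaining bare uses of those three constants in the file before closing #14402 would be cheap insurance, as the patch itself cannot show which sites it missed. The unchanged `Using Password: YES)` line is the right pattern for the password in an error message and worth keeping as the model for the other diagnostics. stepOutput() starts before this hunk.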

- There is no access to the database (' . TYPO3_db . ')!
+ There is no access to the database (' . htmlspecialchars(TYPO3_db) . ')!
Go to Step 2 and select a valid database!
@@ -998,11 +998,11 @@ function stepOutput() {
 'encryptionKey' => $this->createEncryptionKey(),
 'branch' => TYPO3_branch,
 'labelUsername' => 'Username',
- 'username' => TYPO3_db_username,
+ 'username' => htmlspecialchars(TYPO3_db_username),
 'labelPassword' => 'Password',
- 'password' => TYPO3_db_password,
+ 'password' => htmlspecialchars(TYPO3_db_password),
 'labelHost' => 'Host',
- 'host' => TYPO3_db_host ? TYPO3_db_host : 'localhost',
+ 'host' => TYPO3_db_host ? htmlspecialchars(TYPO3_db_host) : 'localhost',
 'continue' => 'Continue',
 'llDescription' => 'If you have not already created a username and password to access the database, please do so now. This can be done using tools provided by your host.'
 );
@@ -1149,11 +1149,11 @@ function stepOutput() {
 $step4SubPartMarkers = array(
 'llSummary' => 'Database summary:',
 'llUsername' => 'Username:',
- 'username' => TYPO3_db_username,
+ 'username' => htmlspecialchars(TYPO3_db_username),
 'llHost' => 'Host:',
- 'host' => TYPO3_db_host,
+ 'host' => htmlspecialchars(TYPO3_db_host),
 'llDatabase' => 'Database:',
- 'database' => TYPO3_db,
+ 'database' => htmlspecialchars(TYPO3_db),
 'llNumberTables' => 'Number of tables:',
 'numberTables' => count($whichTables),
 'action' => htmlspecialchars($this->action),
@@ -3126,9 +3126,9 @@ function checkDatabase() {
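Review bot: The 'username', 'password' and 'host' markers built in the @@ -998 hunk (and the 'username', 'host' and 'database' markers of @@ -1149) are escaped with htmlspecialchars() at its default flags, which on PHP before 5.4 is ENT_COMPAT: `"` is encoded but `'` is not. Where these markers land is decided by the template outside the hunk; if any of them is substituted into a single-quoted attribute (an input value is the likely spot for 'password'), a `'` in the constant still breaks out of the attribute. `'username' => htmlspecialchars(TYPO3_db_username, ENT_QUOTES),`, and the same for 'password', 'host' and 'database', is safe for either quoting style at no cost. A short comment above the marker array, `// values come from localconf.php, not from the request, but are untrusted as HTML`, would record why the escaping is there. Rendering TYPO3_db_password into the page at all is pre-existing behaviour rather than something this commit adds, but it is worth confirming the template uses it only as a form field value.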

You may need to enter data for these values:
- Username: ' . TYPO3_db_username . '
+ Username: ' . htmlspecialchars(TYPO3_db_username) . '
- Host: ' . TYPO3_db_host . '
+ Host: ' . htmlspecialchars(TYPO3_db_host) . '

Use the form below.
@@ -3142,13 +3142,13 @@ function checkDatabase() {
 Username:

- ' . TYPO3_db_username . '
+ ' . htmlspecialchars(TYPO3_db_username) . '
Host:
- ' . TYPO3_db_host . '
+ ' . htmlspecialchars(TYPO3_db_host) . '
', -1, 1);
@@ -3165,7 +3165,7 @@ function checkDatabase() {
 } elseif (!$GLOBALS['TYPO3_DB']->sql_select_db(TYPO3_db)) {
 $this->message($ext, 'Database', '

- \''.TYPO3_db.'\' could not be selected as database!
+ \'' . htmlspecialchars(TYPO3_db) . '\' could not be selected as database!
Please select another one or create a new database.

@@ -3174,7 +3174,7 @@ function checkDatabase() {
 } else {
 $this->message($ext, 'Database', '

- ' . TYPO3_db . ' is selected as
+ ' . htmlspecialchars(TYPO3_db) . ' is selected as
 database.

', 1, 1);
@@ -3193,9 +3193,9 @@ function checkDatabase() {

Connecting to SQL database failed with these settings:
- Username: ' . TYPO3_db_username . '
+ Username: ' . htmlspecialchars(TYPO3_db_username) . '
- Host: ' . TYPO3_db_host . '
+ Host: ' . htmlspecialchars(TYPO3_db_host) . '

Make sure you\'re using the correct set of data.
@@ -4397,25 +4397,25 @@ function checkTheImageProcessing() {
 ImageMagick enabled:

- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['im'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im']) . '
ImageMagick path:
- ' . $im_path . ' (' . $im_path_version . ')
+ ' . htmlspecialchars($im_path) . ' (' . htmlspecialchars($im_path_version) . ')
ImageMagick path/LZW:
- ' . $im_path_lzw . ' (' . $im_path_lzw_version . ')
+ ' . htmlspecialchars($im_path_lzw) . ' (' . htmlspecialchars($im_path_lzw_version) . ')
Version 5/GraphicsMagick flag:
- ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'] ? $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'] : ' ') . '
+ ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'] ? htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5']) : ' ') . '
@@ -4423,33 +4423,33 @@ function checkTheImageProcessing() {
 GDLib enabled:
- ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib'] ? $GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib'] : ' ') . '
+ ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib'] ? htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib']) : ' ') . '
GDLib using PNG:
- ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png'] ? $GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png'] : ' ') . '
+ ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png'] ? htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png']) : ' ') . '
IM5 effects enabled:
- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_v5effects'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_v5effects']) . '
 (Blurring/Sharpening with IM 5+)
Freetype DPI:
- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['TTFdpi'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['TTFdpi']) . '
 (Should be 96 for Freetype 2)
Mask invert:
- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_imvMaskState'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_imvMaskState']) . '
 (Should be set for some IM versions approx. 5.4+)
@@ -4458,7 +4458,7 @@ function checkTheImageProcessing() {
 File Formats:
- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext']) . '
';
@@ -4481,8 +4481,8 @@ function checkTheImageProcessing() {
 $msg .= '

Warning: Mismatch between the version of ImageMagick' .
- ' (' . $im_path_version.') and the configuration of ' .
- '[GFX][im_version_5] (' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'] . ')
+ ' (' . htmlspecialchars($im_path_version) . ') and the configuration of ' .
+ '[GFX][im_version_5] (' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5']) . ')

';
 $etype=2;
@@ -5416,20 +5416,20 @@ function checkTheDatabase() {
 Username:
- ' . TYPO3_db_username . '
+ ' . htmlspecialchars(TYPO3_db_username) . '
Host:
- ' . TYPO3_db_host . '
+ ' . htmlspecialchars(TYPO3_db_host) . '
', -1, 1);
 $this->message($headCode, 'Database', '

- ' . TYPO3_db . ' is selected as database.
+ ' . htmlspecialchars(TYPO3_db) . ' is selected as database.
Has ' . count($whichTables) . ' tables.

diff --git a/typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php b/typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php
index 250625cb15d8..705c72207372 100644
--- a/typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php
+++ b/typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php
@@ -98,7 +98,7 @@ function checkForUpdate(&$description) {

Your current TYPO3 installation is configured to behave like version
- ' . $TYPO3_CONF_VARS['SYS']['compat_version'] . '
+ ' . htmlspecialchars($TYPO3_CONF_VARS['SYS']['compat_version']) . '
 of TYPO3. If you just upgraded from this version, you most likely want to use new features as well.
@@ -153,7 +153,7 @@ function getUserInput($inputPrefix) {
 } else {
 $content = '
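Review bot: The escaped value is read through a plain `$TYPO3_CONF_VARS` variable inside checkForUpdate(), so the fix depends on a `global $TYPO3_CONF_VARS` import somewhere above the hunk that is not visible here; if that import is missing or the name is shadowed, the expression quietly renders an empty string rather than failing. The install module touched in the same commit reads the same configuration as `$GLOBALS['TYPO3_CONF_VARS'][...]`, which needs no import, so `' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['compat_version']) . '` here and in the @@ -153 hunk of getUserInput() would make the two files consistent. checkForUpdate() starts before this hunk.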

- TYPO3 output is currently compatible to version ' . $TYPO3_CONF_VARS['SYS']['compat_version'] . '.
+ TYPO3 output is currently compatible to version ' . htmlspecialchars($TYPO3_CONF_VARS['SYS']['compat_version']) . '.
 To use all the new features in the current TYPO3 version, make sure you follow the guidelines below to upgrade without problems.