Project

General

Profile

Actions
Copy link

Bug #28825

closed

Using an apostrophe in the Workspace Name causes quite blank backend

Added by Ingo Pfennigstorf over 12 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Marco Bresch
Category:
Workspaces
Target version:
-
Start date:
2011-08-08
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When you add a workspace with a name like "Sonja's Workspace" and try to switch to it only the upper menu bar in the backend will show up, the other parts are left blank.
Though it might be clear for information scientists, editors do use names like this.
The error seemed to appear in typo3/js/modulemenu.js - so i'm not really sure whether it's a core issue or belongs to the workspace team.

Actions
Copy link
 #1

Updated by Christian Kuhn over 12 years ago

  • Project changed from 624 to 1716
  • Category deleted (Bugs)
Actions
Copy link
 #2

Updated by Christian Kuhn over 12 years ago

This sounds like a security issue, we have to check it.

Actions
Copy link
 #3

Updated by Oliver Hader over 12 years ago

Confirmed as XSS

When switching to the accordant workspace, next to the user's name the title of the active workspace is shown - without sanitation...
Classical XSS, however sys_workspaces records can only be edited on root level - so only admins can introduce the XSS...

Actions
Copy link
 #4

Updated by Oliver Hader over 12 years ago

  • Status changed from New to Accepted
Actions
Copy link
 #5

Updated by Steffen Gebert over 12 years ago

Wasn't the decision of the security team that issues, which can only be introduced by admins are not treated as security issues? So I think we can handle this one publicly (however, have no problem, if not).

Actions
Copy link
 #6

Updated by Helmut Hummel over 12 years ago

Yes, it is an issue which only an admin can exploit. We can assign this to the public workspace project.

Actions
Copy link
 #7

Updated by Helmut Hummel over 12 years ago

  • Project changed from 1716 to 624
  • Status changed from Accepted to New
Actions
Copy link
 #8

Updated by Marco Bresch over 12 years ago

  • Status changed from New to Accepted
  • Assignee set to Marco Bresch
Actions
Copy link
 #9

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change I66bf3864d10d713dda8e64cbde0846ef1a810868 has been pushed to the review server.
It is available at http://review.typo3.org/6632

Actions
Copy link
 #10

Updated by Marco Bresch over 12 years ago

  • % Done changed from 0 to 50

Patch for 4.5 coming soon

Actions
Copy link
 #11

Updated by Marco Bresch over 12 years ago

  • Status changed from Accepted to Under Review
  • % Done changed from 50 to 100

Patch set 1 works fine for 4.5 too.

Actions
Copy link
 #12

Updated by Mr. Hudson over 12 years ago

Patch set 2 of change I66bf3864d10d713dda8e64cbde0846ef1a810868 has been pushed to the review server.
It is available at http://review.typo3.org/6632

Actions
Copy link
 #13

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change I0c3be5d93d6c0413df80b3b5386c0da9a7719c86 has been pushed to the review server.
It is available at http://review.typo3.org/6738

Actions
Copy link
 #14

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change Ie5eb328fafad556febc95b73f0bb31f1cc3713fa has been pushed to the review server.
It is available at http://review.typo3.org/6739

Actions
Copy link
 #15

Updated by Marco Bresch over 12 years ago

  • Status changed from Under Review to Resolved

4.5, 4.6 and master

Actions
Copy link
 #16

Updated by Michael Stucki over 10 years ago

  • Category set to Workspaces
Actions
Copy link
 #17

Updated by Michael Stucki over 10 years ago

  • Project changed from 624 to TYPO3 Core
  • Category changed from Workspaces to Workspaces
Actions
Copy link
 #18

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF