TYPO3 Forge: Issueshttp://forge.typo3.org/http://forge.typo3.org/themes/typo3_forge/favicon/favicon.png?17058661692008-10-29T17:10:31ZTYPO3 Forge
Redmine TYPO3 Core - Bug #19523 (Closed): Crossite scripting vulnerability in Core ext. feloginhttp://forge.typo3.org/issues/195232008-10-29T17:10:31ZDirk Hoffmannhoffmann@vmd-jena.de
<p>The redirect_url parameter in felogin extension is not filtered by htmlspecialchars.</p>
<p>I have test this on a fresh installed Tzpo3 4.2.2 without anz third partz extensions.<br />Simple create a loginform and call the login page e.g with this url:</p>
<p><a class="external" href="http://www.somedomain.tld/index.php?id=login&redirect_url=%22%3e%3cSCRIPT%3ealert('Paros')%3c/SCRIPT%3e%3cspan%20%22">http://www.somedomain.tld/index.php?id=login&redirect_url=%22%3e%3cSCRIPT%3ealert('Paros')%3c/SCRIPT%3e%3cspan%20%22</a></p>
<p>"login" is the alias of the login page</p>
<p>Note: In some cases the server configuration can prevent this isue.<br />(issue imported from #M9673)</p> TYPO3 Core - Bug #19369 (Closed): Ordered list numbering only posible from 1 to 9http://forge.typo3.org/issues/193692008-09-23T12:44:24ZDirk Hoffmannhoffmann@vmd-jena.de
<p>An ordered list in RTE with more than 9 entries.<br />The numbering over 9 begins with 0 again.</p>
<p>No numbering above 9 posible.</p>
<p>This affects only in RTE view. In frontend the numbering are correct.</p>
<p>Create a ordered list in RTE with more than 9 or 10 entries.</p>
<p>(issue imported from #M9414)</p> TYPO3 Core - Bug #18511 (Closed): Cursor keys up and down not work in RTE and new Typoscript editorhttp://forge.typo3.org/issues/185112008-03-28T20:45:19ZDirk Hoffmannhoffmann@vmd-jena.de
<p>There are no way to navigate with the up and down cursor keys in RTE HtmlArea Textfield and in the new Typoscript editor textfield.<br />Cursor keys left and right works.</p>
<p>Simple textfields e.g. TCA-Config in Pages also works.</p>
<p>OS Client: Windows Vista Business<br />OS Server: Testet with Linux / Apache and Windows Vista Business / Apache<br />Webbrowser: Firefox 2.0.0.13</p>
<p>(issue imported from #M7956)</p>