Bug #19638
closed
fe_adminLib.inc - If preview is enabled, HSC applied passwords are saved to database
Description
Since TYPO3 version 4.0.9/4.1.7/4.2.1 we apply htmlspecialchars to all form values before showing them again to the user (preview enabled). (see TYPO3 Security Bulletin TYPO3-20080611-1)
Unfortunately this also happens to passwords. As this is absolutely transparent to the user, he will later on ask himself why he cannot use his chosen password to log in (pass&amp;word instead of pass&word).
In addition, if a user does not fill all required values or any evaluation error occurs, htmlspecialchars will be applied to form values again and again.
I wonder if we could use the session to store original form values in it.
(issue imported from #M9827)
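The double encoding described in this report, reproduced as an added example (not code from fe_adminLib.inc or from the reporter). The function names, the sample form values and the use of `password_hash` for the stored value are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not fe_adminLib.inc code.

// Flow described in the report: every submitted value is escaped in place
// before the form is shown again, so the escaped string is what gets
// re-submitted on the next request and finally saved.
function roundTripEscapingInPlace(array $form, int $rerenders): array
{
    for ($i = 0; $i < $rerenders; $i++) {
        foreach ($form as $field => $value) {
            $form[$field] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        }
    }
    return $form; // this is what would be written to the database
}

// Corrected flow: the raw values are kept untouched between requests (for
// example in the session); escaping is applied only to the copy that is
// written into the HTML of the preview.
function roundTripEscapingOnOutput(array $form, int $rerenders): array
{
    $html = [];
    for ($i = 0; $i < $rerenders; $i++) {
        foreach ($form as $field => $value) {
            $html[$field] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
        }
    }
    return ['stored' => $form, 'html' => $html];
}

// Constructed sample input.
$submitted = ['name' => 'Tom & Jerry', 'password' => 'pass&word'];

// Two re-renders: the preview plus one failed validation.
$buggy = roundTripEscapingInPlace($submitted, 2);
$fixed = roundTripEscapingOnOutput($submitted, 2);

echo "saved (escape in place):  ", $buggy['password'], PHP_EOL;
echo "saved (escape on output): ", $fixed['stored']['password'], PHP_EOL;
echo "preview HTML value:       ", $fixed['html']['password'], PHP_EOL;

// Login check: the user types the password he originally chose.
$typed = 'pass&word';
$buggyHash = password_hash($buggy['password'], PASSWORD_DEFAULT);
$fixedHash = password_hash($fixed['stored']['password'], PASSWORD_DEFAULT);
echo "login with buggy record:  ", var_export(password_verify($typed, $buggyHash), true), PHP_EOL;
echo "login with fixed record:  ", var_export(password_verify($typed, $fixedHash), true), PHP_EOL;
```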
Updated by Alexander Opitz over 11 years ago
- Status changed from New to Needs Feedback
- Target version deleted (0)
The issue is very old; does this issue exist in newer versions of TYPO3 CMS (4.5 or 6.1)?
Updated by Chris topher over 11 years ago
- Status changed from Needs Feedback to Closed
fe_adminLib.inc is no longer part of the Core; it has been removed.
Updated by Marcus Krause over 11 years ago
fe_adminLib.inc is part of TYPO3 4.5 which has not reached EOL