Bug #19638

closed

fe_adminLib.inc - If preview is enabled, HSC applied passwords are saved to database

Added by Marcus Krause almost 16 years ago. Updated over 11 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2008-11-24
% Done: 0%
TYPO3 Version: 4.2
PHP Version: 5.2

Description

Since TYPO3 version 4.0.9/4.1.7/4.2.1 we apply htmlspecialchars to all form values before showing them again to the user (preview enabled). (see TYPO3 Security Bulletin TYPO3-20080611-1)
Unfortunately this also happens to passwords. As this is absolutely transparent to the user, he will later on ask himself why he cannot use his chosen password to log in (pass&amp;word instead of pass&word).

In addition, if a user does not fill all required values or any evaluation error occurs, htmlspecialchars will be applied to form values again and again.

I wonder if we could use the session to store original form values in it.
(issue imported from #M9827)
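
The behaviour reported above, reproduced as an added example that is not code from fe_adminLib.inc or from the reporter. The function names, the `password` field name and the sample input are hypothetical, and `password_hash()` on a current PHP release stands in for whatever storage the installation uses.

```php
<?php
// Added illustration; names are hypothetical, not taken from fe_adminLib.inc.

// Pattern from the report: submitted values are escaped in place for the
// preview, and the same array is later re-validated or written to the database.
function escapeInPlace(array $form): array
{
    return array_map(
        fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'),
        $form
    );
}

// Alternative: keep the submitted values untouched (for example in the
// session), escape only a separate copy used for rendering, and never echo
// the password back into the form.
function buildPreview(array $form, array $neverEcho = ['password']): array
{
    $view = [];
    foreach ($form as $field => $value) {
        $view[$field] = in_array($field, $neverEcho, true)
            ? ''
            : htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }
    return $view;
}

$submitted = ['username' => 'j<doe>', 'password' => 'pass&word']; // constructed input

// 1) In-place escaping: every preview or failed-validation round adds another
//    layer of entity encoding to the value that will eventually be stored.
$form = $submitted;
for ($round = 1; $round <= 3; $round++) {
    $form = escapeInPlace($form);
    echo "round $round would store: {$form['password']}\n";
}
$storedHash = password_hash($form['password'], PASSWORD_DEFAULT);
echo 'login with typed password succeeds: ';
var_dump(password_verify($submitted['password'], $storedHash));

// 2) Separate render copy: the preview is still escaped against XSS, while
//    the value that gets hashed is exactly what the user typed.
$view = buildPreview($submitted);
echo "preview shows username as: {$view['username']}\n";
$storedHash = password_hash($submitted['password'], PASSWORD_DEFAULT);
echo 'login with typed password succeeds: ';
var_dump(password_verify('pass&word', $storedHash));
```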
