TYPO3 Core

The 4.2 branch patch looks okay to me (although I'd prefer intval, but that is just a style issue). As this isn't on the trunk, we won't have any unit tests for this.

On the trunk, a similar problem exists in t3lib_frontendedit::editAction. I'm still looking into whether this is used in any DB calls.

Ernesto, could you have a look at the trunk patch?

The patch also adds missing (but used) member variable.

Oli, patch is fine, the unit test work.

I was not really able to exploit the issue, but the potential is probably there, and these patches will fix it.

I would apply the same sort of fix to the 4.2 branch (there in t3lib_tsfebeuserauth::extEditAction), meaning using intval instead of (int) casting, as this is the style used throughout this file already.

+1 by reviewing and testing on all branches (including 4.1, as the function is the same as in 4.2).

I've created new 4.1 and 4.2 patches that now use intval instead of (int).

Wow. I opened this security bug in july 2009, and four months later a new patch has been developed, changing "(int)" to "intval("? You are my true heroes.

Christian, there are several patches. The cosmetic change is on the 4.1 and 4.2 branch versions only. The biggest part of the work has been done on the trunk, including unit tests.

+1 (did not look at the testcases though)

+1 on reading the following patches:
11586.diff
11586_41.diff
11586_42.diff

Commited to
trunk (rev.6229 = beta2)
TYPO3 4.2 (rev. 6230 = 4.2.10)
TYPO3 4.1 (rev. 6231 = 4.1.11)

reopened to change it to "public".