Bug #23264: class.tslib_content.php returns unfiltered data
Status: Closed
Description
In function class.tslib_content.php::MULTIMEDIA one has the ability to specify height and width parameters for such objects via TypoScript.
In lines 2632, 2633 and 2639, 2640 these values are assigned unfiltered to HTML attributes which are part of the <embed> tag that is used to embed the defined object, such as movies, Flash applications or Java class files.
Try some TypoScript like this:
# Default PAGE object:
page = PAGE
page.10 = MULTIMEDIA
page.10.file = fileadmin/sample1.mpg
page.10.width = 640" style="border: 3px dotted red;
page.10.height = 480
Apply intval(), as integer seems to be the desired data type.
(issue imported from #M15227)
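As an added illustration that is not code from the TYPO3 project or from the reporter, the following PHP (7 or newer) shows the shape of the defect described above: a stand-in for the MULTIMEDIA rendering that concatenates width and height into <embed> attributes without filtering, next to the intval() variant the report proposes. The function names, the $conf array layout and the use of htmlspecialchars() on the file path are assumptions for this illustration; the sample TypoScript values are the ones from the report.

```php
<?php
// Added example, not TYPO3's own code. A minimal stand-in for how a content
// object might build its <embed> tag from TypoScript values. Function names
// and the $conf layout are assumptions; the width value is the one from the
// report, constructed here as test input.

/**
 * Vulnerable variant: width and height are concatenated into HTML attributes
 * without any filtering. A value containing a double quote closes the
 * attribute early and whatever follows becomes further attributes of the tag.
 */
function renderEmbedUnfiltered(array $conf): string
{
    $src    = htmlspecialchars($conf['file'] ?? '', ENT_QUOTES, 'UTF-8');
    $width  = $conf['width'] ?? '';
    $height = $conf['height'] ?? '';
    return '<embed src="' . $src . '" width="' . $width . '" height="' . $height . '"></embed>';
}

/**
 * Hardened variant: width and height are cast with intval(), the fix the
 * report suggests. intval() keeps only a leading integer ("640px" becomes
 * 640, anything non-numeric becomes 0), so quotes and trailing attribute
 * text never reach the markup.
 */
function renderEmbedIntval(array $conf): string
{
    $src    = htmlspecialchars($conf['file'] ?? '', ENT_QUOTES, 'UTF-8');
    $width  = intval($conf['width'] ?? 0);
    $height = intval($conf['height'] ?? 0);
    return '<embed src="' . $src . '" width="' . $width . '" height="' . $height . '"></embed>';
}

/**
 * Simple regression check a test suite could keep: the rendered tag must
 * contain exactly the three attributes we intend and nothing injected.
 * Returns true when the markup is clean.
 */
function embedTagIsClean(string $html): bool
{
    // One <embed ...></embed> with only src, width and height, each quoted
    // and free of further double quotes.
    $pattern = '/^<embed src="[^"]*" width="\d+" height="\d+"><\/embed>$/';
    return preg_match($pattern, $html) === 1;
}

// Constructed input mirroring the TypoScript in the report.
$conf = [
    'file'   => 'fileadmin/sample1.mpg',
    'width'  => '640" style="border: 3px dotted red;',
    'height' => '480',
];

$unfiltered = renderEmbedUnfiltered($conf);
$hardened   = renderEmbedIntval($conf);

echo "unfiltered: {$unfiltered}\n";
echo '  clean: ' . (embedTagIsClean($unfiltered) ? 'yes' : 'no') . "\n";
echo "intval:     {$hardened}\n";
echo '  clean: ' . (embedTagIsClean($hardened) ? 'yes' : 'no') . "\n";
```

Run it with `php example.php`. The unfiltered variant emits the extra `style` attribute from the TypoScript value and fails the cleanliness check; the intval() variant emits `width="640" height="480"` and passes. Note that intval() is the right tool only because width and height are meant to be integers; a free-form string attribute would instead need htmlspecialchars() with ENT_QUOTES, as the file path does here.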
Updated by Alexander Opitz about 11 years ago
- Status changed from New to Needs Feedback
- Target version deleted (0)
- Is Regression set to No
Hi,
As this issue is very old: does the problem still exist within newer versions of TYPO3 CMS (4.5 or 6.1)?
Updated by Roland Schenke about 11 years ago
Thank you for asking.
This issue was posted in my very early days at TYPO3 and wasn't considered a security related issue.
Today height and width have stdWrap capability. Of course it's still important to sanitize your data. ;-)
This issue should be dismissed and closed.
Updated by Alexander Opitz about 11 years ago
- Status changed from Needs Feedback to Closed