Bug #23857
closed
Missing intvals to sanitize input data in getReferenceCount and createReferenceHtml
0%
Description
Function setReferences() is set to deprecated and function getReferenceCount() should be used. As the old function got an intval(), also the new one shouldn't miss it.
Function createReferenceHtml() misses an intval too.
Those are internal functions but still should be highly secure
(issue imported from #M16149)
Files
Updated by Helmut Hummel over 13 years ago
This is no vulnerability, but can be discussed if we want this as security enhancement
Updated by Christian Kuhn over 13 years ago
Thanks for the patch. I'll take care.
Updated by Helmut Hummel over 13 years ago
There's also a discussion about that in the core-security list...
Updated by Ingo Renner over 13 years ago
where / which context does this belong to? The description doesn't mention anything...
Updated by
Updated by Alexander Opitz almost 10 years ago
- Status changed from New to Needs Feedback
- Is Regression set to No
Hi,
as this issue is very old. Does the problem still exists within newer versions of TYPO3 CMS (6.2.3)?
Updated by Alexander Opitz over 9 years ago
- Status changed from Needs Feedback to Closed
No feedback within the last 90 days => closing this issue.
If you think that this is the wrong decision or experience this issue again, then please write to the mailing list typo3.teams.bugs with issue number and an explanation or open a new ticket and add a relation to this ticket number.