Bug #28825: Using an apostrophe in the Workspace Name causes quite blank backend - TYPO3 Core - TYPO3 Forge

Actions

Bug #28825

closed

Using an apostrophe in the Workspace Name causes quite blank backend

Added by Ingo Pfennigstorf over 13 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Workspaces

Target version:

-

Start date:

2011-08-08

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

4.5

PHP Version:

5.3

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

When you add a workspace with a name like "Sonja's Workspace" and try to switch to it only the upper menu bar in the backend will show up, the other parts are left blank.
Though it might be clear for information scientists, editors do use names like this.
The error seemed to appear in typo3/js/modulemenu.js - so i'm not really sure whether it's a core issue or belongs to the workspace team.

Actions

#1

Updated by Christian Kuhn over 13 years ago

Project changed from 624 to 1716
Category deleted (~~Bugs~~)

Actions

#2

Updated by Christian Kuhn over 13 years ago

This sounds like a security issue, we have to check it.

Actions

#3

Updated by Oliver Hader over 13 years ago

Confirmed as XSS

When switching to the accordant workspace, next to the user's name the title of the active workspace is shown - without sanitation...
Classical XSS, however sys_workspaces records can only be edited on root level - so only admins can introduce the XSS...

Actions

#4

Updated by Oliver Hader over 13 years ago

Status changed from New to Accepted

Actions

#5

Updated by Steffen Gebert over 13 years ago

Wasn't the decision of the security team that issues, which can only be introduced by admins are not treated as security issues? So I think we can handle this one publicly (however, have no problem, if not).

Actions

#6

Updated by Helmut Hummel about 13 years ago

Yes, it is an issue which only an admin can exploit. We can assign this to the public workspace project.

Actions

#7

Updated by Helmut Hummel about 13 years ago

Project changed from 1716 to 624
Status changed from Accepted to New

Actions

#8

Updated by Marco Bresch about 13 years ago

Status changed from New to Accepted
Assignee set to Marco Bresch

Actions

#9

Updated by Mr. Hudson about 13 years ago

Patch set 1 of change I66bf3864d10d713dda8e64cbde0846ef1a810868 has been pushed to the review server.
It is available at http://review.typo3.org/6632

Actions

#10

Updated by Marco Bresch about 13 years ago

% Done changed from 0 to 50

Patch for 4.5 coming soon

Actions

#11

Updated by Marco Bresch about 13 years ago

Status changed from Accepted to Under Review
% Done changed from 50 to 100

Patch set 1 works fine for 4.5 too.

Actions

#12

Updated by Mr. Hudson about 13 years ago

Patch set 2 of change I66bf3864d10d713dda8e64cbde0846ef1a810868 has been pushed to the review server.
It is available at http://review.typo3.org/6632

Actions

#13

Updated by Mr. Hudson about 13 years ago

Patch set 1 of change I0c3be5d93d6c0413df80b3b5386c0da9a7719c86 has been pushed to the review server.
It is available at http://review.typo3.org/6738

Actions

#14

Updated by Mr. Hudson about 13 years ago

Patch set 1 of change Ie5eb328fafad556febc95b73f0bb31f1cc3713fa has been pushed to the review server.
It is available at http://review.typo3.org/6739

Actions

#15

Updated by Marco Bresch about 13 years ago

Status changed from Under Review to Resolved

4.5, 4.6 and master

Actions

#16

Updated by Michael Stucki almost 11 years ago

Category set to Workspaces

Actions

#17

Updated by Michael Stucki almost 11 years ago

Project changed from 624 to TYPO3 Core
Category changed from Workspaces to Workspaces

Actions

#18

Updated by Benni Mack about 6 years ago

Status changed from Resolved to Closed

Actions

Also available in: Atom PDF