Bug #32040

BE-User Admin module column 'workspaces membership' needs to be converted

Added by Marco Bresch over 8 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
-
Target version:
-
Start date:
2011-11-23
Due date:
% Done:

100%

TYPO3 Version:
4.7
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

The column 'workspaces membership' have a XSS vulnerability.

As described in http://buzz.typo3.org/teams/security/article/incident-handling-of-typo3-core-issues this bug can be public. I will submit my fix to Gerrit soon.

Associated revisions

Revision eae75337 (diff)
Added by Marco Bresch over 8 years ago

[BUGFIX][SECURITY] XSS vulnerability in BE-User Admin module

Fix XSS at column 'workspace membership'.

How to test:
  • choose a workspace title like "<b>test</b>"
  • assign a user as member to the workspace
  • select the BE-module "Admin Tools->User Admin"
  • select the checkbox "Workspace membership"
  • press update
  • take a look at column "Workspace membership"

Change-Id: I29bb7d05a2740cc9c88eb67c224e942dfc9165dc
Fixes: #32040
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6878
Reviewed-by: Oliver Klee
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Revision e13b2b9a (diff)
Added by Marco Bresch over 8 years ago

[BUGFIX][SECURITY] XSS vulnerability in BE-User Admin module

Fix XSS at column 'workspace membership'.

How to test:
  • choose a workspace title like "<b>test</b>"
  • assign a user as member to the workspace
  • select the BE-module "Admin Tools->User Admin"
  • select the checkbox "Workspace membership"
  • press update
  • take a look at column "Workspace membership"

Change-Id: I7036eb070d94beb73c539091135b188f588e171d
Fixes: #32040
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6961
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Revision c1a0c9c3 (diff)
Added by Marco Bresch over 8 years ago

[BUGFIX][SECURITY] XSS vulnerability in BE-User Admin module

Fix XSS at column 'workspace membership'.

How to test:
  • choose a workspace title like "<b>test</b>"
  • assign a user as member to the workspace
  • select the BE-module "Admin Tools->User Admin"
  • select the checkbox "Workspace membership"
  • press update
  • take a look at column "Workspace membership"

Change-Id: I278287728db76b256607bcd07f58751553b40868
Fixes: #32040
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6963
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

Revision 3ffa4305 (diff)
Added by Marco Bresch over 8 years ago

[BUGFIX][SECURITY] XSS vulnerability in BE-User Admin module

Fix XSS at column 'workspace membership'.

How to test:
  • choose a workspace title like "<b>test</b>"
  • assign a user as member to the workspace
  • select the BE-module "Admin Tools->User Admin"
  • select the checkbox "Workspace membership"
  • press update
  • take a look at column "Workspace membership"

Change-Id: I29bb7d05a2740cc9c88eb67c224e942dfc9165dc
Fixes: #32040
Releases: 4.7, 4.6, 4.5, 4.4
Reviewed-on: http://review.typo3.org/6964
Reviewed-by: Georg Ringer
Tested-by: Georg Ringer

History

#1 Updated by Mr. Jenkins over 8 years ago

  • Status changed from New to Under Review

Patch set 1 of change I29bb7d05a2740cc9c88eb67c224e942dfc9165dc has been pushed to the review server.
It is available at http://review.typo3.org/6878

#2 Updated by Marco Bresch over 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#3 Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF