Bug #33277 (closed): SQLi in extension manager
Start date: 2012-01-18
% Done: 0%
TYPO3 Version: 4.7
Is Regression: No
Description
SQLi in extension manager.
See tx_em_Connection_ExtDirectServer line 864; the parameter orderby comes from ExtDirect:
public function getRemoteExtensionList($parameters) {
    $search = htmlspecialchars($parameters->query);
    $limit = htmlspecialchars($parameters->start . ', ' . $parameters->limit);
    $orderBy = htmlspecialchars($parameters->sort);
    $orderDir = htmlspecialchars($parameters->dir);
    if ($orderBy == '') {
        $orderBy = 'relevance';
        $orderDir = 'ASC';
    }
    if ($orderBy === 'statevalue') {
        $orderBy = 'cache_extensions.state ' . $orderDir;
    } elseif ($orderBy === 'relevance') {
        $orderBy = 'relevance ' . $orderDir . ', cache_extensions.title ' . $orderDir;
    } else {
        $orderBy = 'cache_extensions.' . $orderBy . ' ' . $orderDir;
    }
    ......
    $list = tx_em_Database::getExtensionListFromRepository(
        $repositoryId,
        $addFields,
        $where,
        $orderBy,
        $limit
    );
Later, in getExtensionListFromRepository:
$ret['results'] = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows(
    'cache_extensions.*, count(*) AS versions, cache_extensions.intversion AS maxintversion' .
        ($addFields === '' ? '' : ',' . $addFields),
    'cache_extensions JOIN cache_extensions AS ce ON cache_extensions.extkey = ce.extkey',
    'cache_extensions.lastversion=1 AND cache_extensions.repository=' . intval($repository) . $andWhere,
    'ce.extkey',
    $order,
    $limit
);
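The report shows the core problem: htmlspecialchars() only encodes HTML metacharacters and gives no protection in an SQL context, and the value ends up in an ORDER BY clause, where identifiers cannot be bound as query parameters anyway. The usual mitigation is an allowlist that maps the client-supplied sort key to a fixed column expression and rejects anything else. The following is an added illustration written for this page, not the TYPO3 fix for this bug; the function name buildSafeOrderBy and the set of sortable columns are assumptions, and the sample inputs at the bottom are constructed.

```php
<?php
// Added example (not TYPO3 project code): build an ORDER BY clause from
// untrusted sort/dir parameters without ever interpolating the raw strings.

/**
 * Map a client-supplied sort key and direction to a fixed SQL ORDER BY
 * expression. Unknown keys are rejected instead of being concatenated.
 * The allowlist below is an assumption for illustration.
 */
function buildSafeOrderBy(string $sort, string $dir): string
{
    // Allowlist: external key => SQL expression. Only these can reach the query.
    $sortable = [
        'title'      => 'cache_extensions.title',
        'extkey'     => 'cache_extensions.extkey',
        'intversion' => 'cache_extensions.intversion',
        'statevalue' => 'cache_extensions.state',
    ];

    // Direction is normalised to one of two literals; anything else falls back to ASC.
    $dir = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';

    // Empty sort keeps the original default ordering by relevance, then title.
    if ($sort === '' || $sort === 'relevance') {
        return 'relevance ' . $dir . ', cache_extensions.title ' . $dir;
    }

    if (!array_key_exists($sort, $sortable)) {
        // Fail closed: the untrusted value is never echoed into SQL.
        throw new InvalidArgumentException('Unsupported sort column');
    }

    return $sortable[$sort] . ' ' . $dir;
}

// Constructed inputs for illustration.
echo buildSafeOrderBy('title', 'desc'), PHP_EOL;
echo buildSafeOrderBy('', ''), PHP_EOL;
try {
    // A key outside the allowlist is refused rather than concatenated.
    buildSafeOrderBy('not_a_column', 'ASC');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The same pattern applies to the $limit value above: start and limit should be cast to integers before being joined into the LIMIT clause, since htmlspecialchars() on them provides no SQL-level guarantee either.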
Updated by Marcus Krause almost 11 years ago
- Project changed from 1716 to TYPO3 Core
- Category deleted (OW-A01: Injection)
According to http://buzz.typo3.org/teams/security/article/incident-handling-of-typo3-core-issues/ this should be handled publicly.
Updated by Andreas Kienast almost 10 years ago
- Status changed from New to Closed
- Is Regression set to No