Actions
Bug #42890
closed
Regression: Javascript error in Backend (jumpToUrl)
Start date:
2012-11-12
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
All checkboxes in the Backend that contain a "onclick" pointing to "jumpToUrl" seem to be broken in the latest release of TYPO3. The Javascript pops up an error:
Uncaught ReferenceError: Invalid left-hand side in assignment
To test, go to the list module and try to select "Extended View" or "Localization View" from the options beneath the list.
Or in Extension Manager (the old-old one), try to select "Display shy extensions"
Tested on 4.5.x, but should affect also the latest security releases of the other branches as well.
Updated by Ernesto Baschny about 12 years ago
Through git bisect (I love it...) I could isolate this commit as the "bad one":
commit a768d97c4c93197563bbc148ff0ed1baacc0d0d3
Author: Helmut Hummel <helmut.hummel@typo3.org>
Date: Thu Nov 8 12:43:50 2012 +0100
[SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck
The method getFuncCheck creates an URL from input variables and puts
it in JavaScript context without properly encoding them.
This might lead to XSS if the input variables come from untrusted source.
Fixes: #42776
Releases: 6.0, 4.7, 4.6, 4.5
Updated by Ernesto Baschny about 12 years ago
- Status changed from Accepted to Rejected
Sorry, this has been reported (and even fixed already) :) Thanks for your time...
Actions