Bug #42890

Regression: Javascript error in Backend (jumpToUrl)

Added by Ernesto Baschny about 7 years ago. Updated about 7 years ago.

Status:
Rejected
Priority:
Must have
Assignee:
-
Category:
Backend User Interface
Target version:
Start date:
2012-11-12
Due date:
% Done:

0%

TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

All checkboxes in the Backend that contain a "onclick" pointing to "jumpToUrl" seem to be broken in the latest release of TYPO3. The Javascript pops up an error:

Uncaught ReferenceError: Invalid left-hand side in assignment

To test, go to the list module and try to select "Extended View" or "Localization View" from the options beneath the list.

Or in Extension Manager (the old-old one), try to select "Display shy extensions"

Tested on 4.5.x, but should affect also the latest security releases of the other branches as well.


Related issues

Duplicates TYPO3 Core - Bug #42812: Most checkboxes (like Extended View) are not working due to javascript bug Closed 2012-11-09

History

#1 Updated by Ernesto Baschny about 7 years ago

Through git bisect (I love it...) I could isolate this commit as the "bad one":

commit a768d97c4c93197563bbc148ff0ed1baacc0d0d3
Author: Helmut Hummel <helmut.hummel@typo3.org>
Date:   Thu Nov 8 12:43:50 2012 +0100

    [SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck

    The method getFuncCheck creates an URL from input variables and puts
    it in JavaScript context without properly encoding them.

    This might lead to XSS if the input variables come from untrusted source.

    Fixes: #42776
    Releases: 6.0, 4.7, 4.6, 4.5

#2 Updated by Ernesto Baschny about 7 years ago

  • Status changed from Accepted to Rejected

Sorry, this has been reported (and even fixed already) :) Thanks for your time...

Also available in: Atom PDF