Project

General

Profile

Actions

Bug #42890

closed

Regression: Javascript error in Backend (jumpToUrl)

Added by Ernesto Baschny over 11 years ago. Updated over 11 years ago.

Status:
Rejected
Priority:
Must have
Assignee:
-
Category:
Backend User Interface
Target version:
Start date:
2012-11-12
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

All checkboxes in the Backend that contain a "onclick" pointing to "jumpToUrl" seem to be broken in the latest release of TYPO3. The Javascript pops up an error:

Uncaught ReferenceError: Invalid left-hand side in assignment

To test, go to the list module and try to select "Extended View" or "Localization View" from the options beneath the list.

Or in Extension Manager (the old-old one), try to select "Display shy extensions"

Tested on 4.5.x, but should affect also the latest security releases of the other branches as well.


Related issues 1 (0 open1 closed)

Is duplicate of TYPO3 Core - Bug #42812: Most checkboxes (like Extended View) are not working due to javascript bugClosed2012-11-09

Actions
Actions #1

Updated by Ernesto Baschny over 11 years ago

Through git bisect (I love it...) I could isolate this commit as the "bad one":

commit a768d97c4c93197563bbc148ff0ed1baacc0d0d3
Author: Helmut Hummel <helmut.hummel@typo3.org>
Date:   Thu Nov 8 12:43:50 2012 +0100

    [SECURITY] Fix potential XSS in t3lib_BEfunc::getFuncCheck

    The method getFuncCheck creates an URL from input variables and puts
    it in JavaScript context without properly encoding them.

    This might lead to XSS if the input variables come from untrusted source.

    Fixes: #42776
    Releases: 6.0, 4.7, 4.6, 4.5
Actions #2

Updated by Ernesto Baschny over 11 years ago

  • Status changed from Accepted to Rejected

Sorry, this has been reported (and even fixed already) :) Thanks for your time...

Actions

Also available in: Atom PDF