Project

General

Profile

Actions
Copy link

Bug #58142

closed

Backend layout, empty colpos breaks JS

Added by Philipp Gampe over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
Backend API
Target version:
-
Start date:
2014-04-23
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.2
PHP Version:
5.5
Tags:
Complexity:
easy
Is Regression:
No
Sprint Focus:

Description

Consider the following TS:

backend_layout {
    colCount = 3
    rowCount = 3
    rows {
        1 {
            columns {
                1 {
                    name = Top left
                }
                2 {
                    name = top middle 0
                    colPos = 0
                }
                3 {
                    name = top right 1
                    colPos = 1
                }
            }
        }
        2 {
            columns {
                1 {
                    name = middle left 2
                    colPos = 2
                }
                2 {
                    name = middle middle 3
                    colPos = 3
                }
                3 {
                    name = middle right 4
                    colPos = 4
                }
            }
        }
        3 {
            columns {
                1 {
                    name = lower left
                    colPos = 5
                }
                2 {
                    name = lower middle -1
                    colPos = -1
                }
                3 {
                    name =
                    colPos =
                }
            }
        }
    }
}

This results in the following JS:

t3Grid = new TYPO3.Backend.t3Grid({
                data: [[{colspan:1,rowspan:1,name:'Top left'},{colspan:1,rowspan:1,name:'top middle 0',column:0},{colspan:1,rowspan:1,name:'top right 1',column:1}],[{colspan:1,rowspan:1,name:'middle left 2',column:2},{colspan:1,rowspan:1,name:'middle middle 3',column:3},{colspan:1,rowspan:1,name:'middle right 4',column:4}],[{colspan:1,rowspan:1,name:'lower left',column:5},{colspan:1,rowspan:1,name:'lower middle -1',column:-1},{colspan:1,rowspan:1,name:'',column:}]],
                colCount: 3,
                rowCount: 3,
                targetElement: 'editor'
            });

This is invalid, because the column:} must be column:''}.

Removing the empty colPos = statements makes the JS valid again, because the column property is not rendered.

Solution, check for empty colPos and cast this to a string.

Actions
Copy link
 #1

Updated by Philipp Gampe over 10 years ago

  • Status changed from New to Accepted
Actions
Copy link
 #2

Updated by Helmut Hummel over 10 years ago

  • Status changed from Accepted to Needs Feedback
  • Is Regression changed from Yes to No

Is this a bug that existed before or really a regression?
If it is a regression, which is the change that introduced it?

Removing the regression flag for now

Actions
Copy link
 #3

Updated by Fabian Lachman over 10 years ago

This issue was fixed with:
2014-05-22 938f7f8 #57576 [SECURITY] XSS in Backend Layout Wizard (Helmut Hummel)

where colPos is casted to an int and will therefor return 0 if it is empty.

Actions
Copy link
 #4

Updated by Alexander Opitz over 10 years ago

  • Status changed from Needs Feedback to Closed
  • Target version deleted (next-patchlevel)
Actions
Copy link

Also available in: Atom PDF