Bug #76478
Closed
Clean up DebuggerUtility
100%
Description
Currently the DebuggerUtility is susceptible to some XSS. As this is not exploitable by a user, this can be handled in public.
Given the following code
    $b = '<script>alert(456)</script>';
    $a = new \stdClass();
    $a->$b = '<script>alert(789)</script>';
    $dummy = [
        function(array $a, $b = '<script>alert(123)</script>') {
            return '<script>alert(\'xss\')</script>';
        },
        $a
    ];
    \TYPO3\CMS\Extbase\Utility\DebuggerUtility::var_dump($dummy);
alert '123' and '456' can be seen.
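In the code above, the two strings that fire sit in a property name (456) and a closure parameter default (123), places a dumper can easily treat as structure rather than data. The following added example, which is neither TYPO3's DebuggerUtility code nor the applied patch, sketches a minimal dumper that escapes every data-derived string before output; the function names `esc` and `renderDump` are hypothetical.

```php
<?php
// Hypothetical minimal HTML dumper (added example, not TYPO3 code).
function esc(string $s): string
{
    // Encode for HTML text context; ENT_SUBSTITUTE avoids empty output on invalid UTF-8.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
function renderDump($value, int $depth = 0): string
{
    if ($depth > 8) { // guard against self-referencing structures
        return '<em>max depth</em>';
    }
    if ($value instanceof \Closure) {
        $params = [];
        foreach ((new \ReflectionFunction($value))->getParameters() as $p) {
            $text = '$' . $p->getName();
            if ($p->isDefaultValueAvailable()) {
                // Parameter defaults are data: the "123" string lives here.
                $text .= ' = ' . var_export($p->getDefaultValue(), true);
            }
            $params[] = esc($text);
        }
        return 'Closure(' . implode(', ', $params) . ')';
    }
    if (is_array($value) || is_object($value)) {
        $label = is_object($value) ? esc(get_class($value)) : 'array';
        $items = '';
        foreach ((array)$value as $key => $item) {
            // Keys and property names are data: the "456" string lives here.
            $items .= '<li>' . esc((string)$key) . ' =&gt; '
                . renderDump($item, $depth + 1) . '</li>';
        }
        return $label . '<ul>' . $items . '</ul>';
    }
    return esc(var_export($value, true));
}
// Constructed input with the same shape as the report.
$b = '<script>alert(456)</script>';
$a = new \stdClass();
$a->$b = '<script>alert(789)</script>';
$dummy = [
    function (array $a, $b = '<script>alert(123)</script>') {
        return '<script>alert(\'xss\')</script>';
    },
    $a,
];
$html = renderDump($dummy);
if (strpos($html, '<script') !== false) { throw new \RuntimeException('unescaped markup'); }
echo $html, PHP_EOL;
```

The closure body is never executed by the dumper, so its return value does not reach the output; only reflected metadata and stored values do.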
Updated by Gerrit Code Review almost 8 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/48472
Updated by Nicole Cordes almost 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset c4b3d426636aecea8b1458d743d505b1074b448d.
Updated by Gerrit Code Review over 7 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50092
Updated by Stephan Großberndt over 7 years ago
- Sprint Focus set to On Location Sprint
Updated by Nicole Cordes over 7 years ago
- Status changed from Under Review to Resolved
Applied in changeset 4dbff0a05585acfc87d09ab7557149a68e09a2df.
Updated by Gerrit Code Review over 7 years ago
- Status changed from Resolved to Under Review
Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50916
Updated by Nicole Cordes over 7 years ago
- Status changed from Under Review to Resolved
Applied in changeset 5bb34d085ad5a0bdeedeec2880f0889f3e11c889.