Bug #76478

Clean up DebuggerUtility

Added by Nicole Cordes over 4 years ago. Updated about 2 years ago.

Status: Closed
Priority: Should have
Assignee:
Category: -
Target version: -
Start date: 2016-06-07
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 6.2
PHP Version:
Tags:
Complexity:
Is Regression: No
Sprint Focus: On Location Sprint

Description

Currently the DebuggerUtility is susceptible to some XSS. As this is not exploitable by a user, this can be handled in public.

Given the following code

$b = '<script>alert(456)</script>';
$a = new \stdClass();
$a->$b = '<script>alert(789)</script>';

$dummy = [
    function(array $a, $b = '<script>alert(123)</script>') {
        return '<script>alert(\'xss\')</script>';
    },
    $a
];

\TYPO3\CMS\Extbase\Utility\DebuggerUtility::var_dump($dummy);

alert '123' and '456' can be seen.

#1

Updated by Gerrit Code Review over 4 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/48472

#2

Updated by Nicole Cordes over 4 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#3

Updated by Gerrit Code Review about 4 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50092

#4

Updated by Stephan Großberndt about 4 years ago

  • Sprint Focus set to On Location Sprint

#5

Updated by Nicole Cordes about 4 years ago

  • Status changed from Under Review to Resolved

#6

Updated by Gerrit Code Review almost 4 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch TYPO3_6-2 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/50916

#7

Updated by Nicole Cordes almost 4 years ago

  • Status changed from Under Review to Resolved

#8

Updated by Benni Mack about 2 years ago

  • Status changed from Resolved to Closed
