Bug #76478

Clean up DebuggerUtility

Added by Nicole Cordes about 5 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Should have
Assignee:
Category: -
Target version: -
Start date: 2016-06-07
Due date:
% Done: 100%
Estimated time:
TYPO3 Version: 6.2
PHP Version:
Tags:
Complexity:
Is Regression: No
Sprint Focus: On Location Sprint

Description

Currently the DebuggerUtility is susceptible to some XSS. As this is not exploitable by a user, this can be handled in public.

Given the following code

$b = '<script>alert(456)</script>';
$a = new \stdClass();
$a->$b = '<script>alert(789)</script>';

$dummy = [
    function(array $a, $b = '<script>alert(123)</script>') {
        return '<script>alert(\'xss\')</script>';
    },
    $a
];

\TYPO3\CMS\Extbase\Utility\DebuggerUtility::var_dump($dummy);

the alerts '123' and '456' can be seen.
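Added example, not part of the original report and not TYPO3's code: a minimal dump renderer that treats every string taken from the inspected value as data, including the two places the payloads reported as firing come from in the reproduction code (the closure parameter default for 123, the property name for 456). The function names esc() and renderDump() are hypothetical.

```php
<?php

// Hypothetical helper, not TYPO3 code: escape every string taken from the dumped value.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical minimal dumper: renders a value as HTML for a debug view.
function renderDump($value, int $depth = 0): string
{
    $pad = str_repeat('   ', $depth);
    if ($value instanceof \Closure) {
        $params = [];
        foreach ((new \ReflectionFunction($value))->getParameters() as $p) {
            $param = '$' . esc($p->getName());
            if ($p->isDefaultValueAvailable()) {
                // Default values are part of the dumped data: export first, then escape.
                $param .= ' = ' . esc(var_export($p->getDefaultValue(), true));
            }
            $params[] = $param;
        }
        return $pad . '<em>Closure</em>(' . implode(', ', $params) . ")\n";
    }
    if (is_array($value) || is_object($value)) {
        $label = is_object($value) ? esc(get_class($value)) : 'array';
        $out = $pad . '<strong>' . $label . "</strong>\n";
        foreach ((array)$value as $key => $item) {
            // Array keys and property names are data, not markup.
            $out .= $pad . '   ' . esc((string)$key) . " =>\n" . renderDump($item, $depth + 2);
        }
        return $out;
    }
    return $pad . esc(var_export($value, true)) . "\n";
}

// Constructed input mirroring the report's reproduction case.
$b = '<script>alert(456)</script>';
$a = new \stdClass();
$a->$b = '<script>alert(789)</script>';
$dummy = [
    function (array $a, $b = '<script>alert(123)</script>') {
        return '<script>alert(\'xss\')</script>';
    },
    $a,
];
$html = renderDump($dummy);
if (strpos($html, '<script') !== false) { throw new \RuntimeException('unescaped markup'); }
echo '<pre>' . $html . '</pre>';
```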
