Bug #76478 (closed): Clean up DebuggerUtility
Start date: 2016-06-07
% Done: 100%
TYPO3 Version: 6.2
Is Regression: No
Sprint Focus: On Location Sprint
Description
Currently the DebuggerUtility is susceptible to some XSS. As this is not exploitable by a user, this can be handled in public.
Given the following code:
$b = '<script>alert(456)</script>';
$a = new \stdClass();
$a->$b = '<script>alert(789)</script>';
$dummy = [
    function(array $a, $b = '<script>alert(123)</script>') {
        return '<script>alert(\'xss\')</script>';
    },
    $a
];
\TYPO3\CMS\Extbase\Utility\DebuggerUtility::var_dump($dummy);
Alerts '123' and '456' can be seen.