General

Profile

Marcus Krause

  • Login: mkrause
  • Registered on: 2008-04-27
  • Last sign in: 2015-05-05

Issues

open closed Total
Assigned issues 0 39 39
Reported issues 0 66 66

Activity

2014-12-18

14:02 TYPO3 Core Feature #21779: Integrate OWASP ESAPI for PHP
FYI: ESAPI for PHP is dead.
Nonetheless, the idea to have something like this is good.
Marcus Krause
13:57 TYPO3 Core Feature #28230: Add support for PBKDF2 to hashing
I started with this feature in March 2013 - see https://twitter.com/t3sec/status/313413250693881858
Let's see if I c...
Marcus Krause

2014-05-22

09:34 TYPO3 Core Revision 6c6ae4b6: [SECURITY] XSS in new content element wizard
Sanitize user-input colPos in new content element wizard.
Change-Id: Ifa90ea1ede3b6c2a5436c505993c533803306d01
Fixes...
Marcus Krause
09:33 TYPO3 Core Revision 12741ad6: [SECURITY] XSS in new content element wizard
Sanitize user-input colPos in new content element wizard.
Change-Id: I68ee05a9113b2a0266c0be612b1a10272cb986a2
Fixes...
Marcus Krause
09:32 TYPO3 Core Revision 00f00b15: [SECURITY] XSS in new content element wizard
Sanitize user-input colPos in new content element wizard.
Change-Id: Ic43566fc93fadf6a1d997ff73bf027468001fb38
Fixes...
Marcus Krause

2013-12-10

10:55 TYPO3 Core Revision 226d624a: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: I1121d6d20c90e476a2d0ea4f000b180e843a4ce0
Fixes:...
Marcus Krause
10:54 TYPO3 Core Revision cb8db286: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: If3da2b476a98efa67815bf84095843ab2f65949f
Fixes:...
Marcus Krause
10:53 TYPO3 Core Revision 0f1e28b9: [SECURITY] XSS in colorpicker wizard
Encode user-input in JavaScript context for colorpicker.
Change-Id: I83790887c4239d62b6783fd6269169085607b7d4
Fixes:...
Marcus Krause
10:52 TYPO3 Core Revision 573f7209: [SECURITY] XSS vulnerability in extension manager
Add escaping on extension meta data when rendering.
Change-Id: I6f65cb5fb4f0d290349c15c03a3d52f4b0d18fda
Fixes: #208...
Marcus Krause
10:51 TYPO3 Core Revision 0bc4fc4f: [SECURITY] Unsafe unserialize of GET parameter in Add-Wizard
If the TCEforms wizard "add" is used, the original opened document
is closed and a new one is created in which you th...
Marcus Krause

Also available in: Atom