Created
June 30, 2012 12:01
-
-
Save pgampe/3023546 to your computer and use it in GitHub Desktop.
Show TYPO3 Typoscript security problem with insertData = 1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| page > | |
| page = PAGE | |
| page.10 = COA_INT | |
| page.10 { | |
| 10 = HMENU | |
| 10 { | |
| special = directory | |
| # a menu root page | |
| special.value = 105 | |
| 1 = TMENU | |
| 1 { | |
| wrap = <ul>|</ul> | |
| NO = 1 | |
| NO { | |
| wrapItemAndSub = <li>{field:uid} |</li> | |
| wrapItemAndSub.insertData = 1 | |
| # the PHP code for WrapItemAndSub is very strange and renders the wrap outside of the content, just | |
| # to apply a wrap later on | |
| # use this to show that this is indeed dangerous | |
| stdWrap.insertData = 1 | |
| } | |
| } | |
| } | |
| 20 = TEXT | |
| 20.value = <p> and now with dataWrap </p> | |
| 30 = HMENU | |
| 30 { | |
| special = directory | |
| # a menu root page | |
| special.value = 105 | |
| 1 = TMENU | |
| 1 { | |
| wrap = <ul>|</ul> | |
| NO = 1 | |
| NO { | |
| # the next line is only needed as bugfix | |
| wrapItemAndSub = | | |
| wrapItemAndSub.dataWrap = <li>{field:uid} |</li> | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment