git.typo3.org Git - Packages/TYPO3.CMS.git/commit

author	Georg Ringer <georg.ringer@gmail.com>
	Tue, 15 Dec 2015 10:38:47 +0000 (11:38 +0100)
committer	Oliver Hader <oliver.hader@typo3.org>
	Tue, 15 Dec 2015 10:38:57 +0000 (11:38 +0100)
commit	3b36b051c00137cf525dc6ff7f0b2b0ea795167c
tree	71adcea555291cc7050a4843b0231d369ef886c2	tree \| snapshot (zip tar.gz)
parent	c252deb71a9190ecbad0fedf7793fa1fce78cc64	commit \| diff

[SECURITY] Escape caption of media using css_styled_content

The caption must be escaped. As this is only a textarea, the parsefunc
is not needed.

Furthermore, the fields "altText" and "titleText" use htmlspecialchars instead of stripHtml.

Resolves: #41690
Releases: master, 6.2
Security-Commit: 2cfa39c452a35286deffdac4f0a03314e6f6ee69
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I17a43cfa860c058054cd73f6ab751edfa91a02ce
Reviewed-on: https://review.typo3.org/45284
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>

typo3/sysext/css_styled_content/static/setup.txt		diff \| blob \| history
typo3/sysext/css_styled_content/static/v6.2/setup.txt		diff \| blob \| history