[SECURITY] Escape caption of media using css_styled_content 84/45284/2
authorGeorg Ringer <georg.ringer@gmail.com>
Tue, 15 Dec 2015 10:38:47 +0000 (11:38 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:38:57 +0000 (11:38 +0100)
commit3b36b051c00137cf525dc6ff7f0b2b0ea795167c
tree71adcea555291cc7050a4843b0231d369ef886c2
parentc252deb71a9190ecbad0fedf7793fa1fce78cc64
[SECURITY] Escape caption of media using css_styled_content

The caption must be escaped. As this is only a textarea, the parsefunc
is not needed.

Furthermore, the fields "altText" and "titleText" use htmlspecialchars instead of stripHtml.

Resolves: #41690
Releases: master, 6.2
Security-Commit: 2cfa39c452a35286deffdac4f0a03314e6f6ee69
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I17a43cfa860c058054cd73f6ab751edfa91a02ce
Reviewed-on: https://review.typo3.org/45284
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/css_styled_content/static/setup.txt
typo3/sysext/css_styled_content/static/v6.2/setup.txt