Fixed bug #11621: XSS vulnerabilities in workspace module
[Packages/TYPO3.CMS.git] / typo3 / wizard_table.php
index 6d2b89d..3331109 100644 (file)
@@ -318,9 +318,8 @@ class SC_wizard_table {
                                $tce->process_datamap();
 
                                        // If the save/close button was pressed, then redirect the screen:
-                               if ($_POST['saveandclosedok_x'])        {
-                                       header('Location: '.t3lib_div::locationHeaderUrl($this->P['returnUrl']));
-                                       exit;
+                               if ($_POST['saveandclosedok_x']) {
+                                       t3lib_utility_Http::redirect($this->P['returnUrl']);
                                }
                        }
                } else {        // If nothing has been submitted, load the $bodyText variable from the selected database row:
@@ -360,7 +359,7 @@ class SC_wizard_table {
                                        if ($this->inputStyle)  {
                                                $cells[]='<input type="text"'.$this->doc->formWidth(20).' name="TABLE[c]['.(($k+1)*2).']['.(($a+1)*2).']" value="'.htmlspecialchars($cellContent).'" />';
                                        } else {
-                                               $cellContent=eregi_replace('<br[ ]?[\/]?>',chr(10),$cellContent);
+                                               $cellContent=preg_replace('/<br[ ]?[\/]?>/i',chr(10),$cellContent);
                                                $cells[]='<textarea '.$this->doc->formWidth(20).' rows="5" name="TABLE[c]['.(($k+1)*2).']['.(($a+1)*2).']">'.t3lib_div::formatForTextarea($cellContent).'</textarea>';
                                        }