[TASK] Apply quoteJSvalue or htmlspecialchars to getModuleUrl
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Controller / File / EditFileController.php
index 5b17ace..c19564d 100644 (file)
@@ -118,7 +118,7 @@ class EditFileController {
                                top.goToModule("file_list");
                        }
                ');
-               $this->doc->form = '<form action="' . BackendUtility::getModuleUrl('tce_file') . '" method="post" name="editform">';
+               $this->doc->form = '<form action="' . htmlspecialchars(BackendUtility::getModuleUrl('tce_file')) . '" method="post" name="editform">';
        }
 
        /**