Fixed bug #10298: Various XSS issues in the BE user admin module
[Packages/TYPO3.CMS.git] / typo3 / sysext / beuser / mod / index.php
index 998fa22..8c94fc8 100755 (executable)
@@ -1304,8 +1304,10 @@ class SC_mod_tools_be_user_index {
                                }
                        }
 
-                       $outTable = '<table border="0" cellpadding="1" cellspacing="1"><tr class="bgColor5"><td>'.t3lib_iconWorks::getIconImage('be_users',$tempBE_USER->user,$GLOBALS['BACK_PATH'],'class="absmiddle" title="'.$tempBE_USER->user['uid'].'"').$tempBE_USER->user['username'].'</td>';
-                       $outTable.= '<td>'.$tempBE_USER->user['realName'].($tempBE_USER->user['email'] ? ', <a href="mailto:'.$tempBE_USER->user['email'].'">'.$tempBE_USER->user['email'].'</a>' : '').'</td>';
+                       $email = htmlspecialchars($tempBE_USER->user['email']);
+                       $realname = htmlspecialchars($tempBE_USER->user['realName']);
+                       $outTable = '<table border="0" cellpadding="1" cellspacing="1"><tr class="bgColor5"><td>'.t3lib_iconWorks::getIconImage('be_users',$tempBE_USER->user,$GLOBALS['BACK_PATH'],'class="absmiddle" title="'.$tempBE_USER->user['uid'].'"').htmlspecialchars($tempBE_USER->user['username']).'</td>';
+                       $outTable.= '<td>'.($realname?$realname.', ':'').($email ? '<a href="mailto:'.$email.'">'.$email.'</a>' : '').'</td>';
                        $outTable.= '<td>'.$this->elementLinks('be_users',$tempBE_USER->user).'</td></tr></table>';
                        $outTable.= '<strong><a href="'.htmlspecialchars($this->MCONF['_']).'">' . $GLOBALS['LANG']->getLL('backToOverview', true) . '</a></strong><br />';
 
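Review bot: The `title="'.$tempBE_USER->user['uid'].'"'` attribute in the rebuilt row on the first added `$outTable` line is the one user-record field still concatenated raw after this change; uid is presumably an integer primary key, but writing it as `(int)$tempBE_USER->user['uid']` makes that assumption explicit and keeps the row consistent with the other fields that are now passed through htmlspecialchars. Separately, the new `($realname ? $realname.', ' : '')` test is on PHP truthiness, so a realName of `'0'` is now silently dropped where the old code printed it; `($realname !== '' ? $realname.', ' : '')` preserves the intended "omit when empty" behaviour without that edge case. The `mailto:` href and the `title` attribute are both double-quoted, so the default htmlspecialchars flags are sufficient here, though passing `ENT_QUOTES` would make the escaping independent of the attribute quoting style. The enclosing method starts before this hunk.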
@@ -1369,7 +1371,7 @@ class SC_mod_tools_be_user_index {
                                                $comparation[$md5]=$tempBE_USER->ext_printOverview($uInfo,$compareFlags);
                                                $comparation[$md5]['users']=array();
                                        }
-                                       $comparation[$md5]['users'][]=$tempBE_USER->user;       //array('uid'=>$r['uid'],'username'=>$r['username'],'realName'=>$tempBE_USER->user['realName'],'email'=>$tempBE_USER->user['email'],'admin'=>$tempBE_USER->user['admin']);
+                                       $comparation[$md5]['users'][]=$tempBE_USER->user;
                                        unset($tempBE_USER);
                                }
                                $counter++;
@@ -1448,7 +1450,7 @@ class SC_mod_tools_be_user_index {
         * @return      string          the HTML anchor
         */
        function linkUser($str,$rec)    {
-               return '<a href="'.htmlspecialchars($this->MCONF['_']).'&be_user_uid='.$rec['uid'].'">'.$str.'</a>';
+               return '<a href="'.htmlspecialchars($this->MCONF['_']).'&be_user_uid='.$rec['uid'].'">' . htmlspecialchars($str) . '</a>';
        }