[SECURITY] Fix XSS in rtehtmlarea 83/45283/2
authorGeorg Ringer <georg.ringer@gmail.com>
Tue, 15 Dec 2015 10:38:28 +0000 (11:38 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:38:37 +0000 (11:38 +0100)
commitc252deb71a9190ecbad0fedf7793fa1fce78cc64
tree79cb200719423c174a7d3bb316f2be2f6837e941
parent57e482736e269c8d0e62dd8de66129d19fb644d8
[SECURITY] Fix XSS in rtehtmlarea

The SpellCheckingController needs to quote external parameters.

Resolves: #37399
Releases: master, 6.2
Security-Commit: 0c5bb0ef87817710a7276f205b9efd62c9e68924
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I4e341ae19cd16734ce228e6ed1250124ee9811f9
Reviewed-on: https://review.typo3.org/45283
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/rtehtmlarea/Classes/Controller/SpellCheckingController.php