[SECURITY] Prevent XSS in scheduler form 21/29121/5
authorNicole Cordes <typo3@cordes.co>
Thu, 3 Apr 2014 14:15:49 +0000 (16:15 +0200)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Fri, 4 Apr 2014 11:04:50 +0000 (13:04 +0200)
commit0a33e1ddf37481899e651fd564b40f045390ddd0
tree38b80898809b365b30522c3f0b610cb1cf4b7266
parent3c0c6a0bf8e8fc1f6a7124a31d5fe10fb10d7a49
[SECURITY] Prevent XSS in scheduler form

The class name is submitted in a hidden form and is susceptible to XSS.
The patch introduced htmlspecialchars to prevent XSS possibility.

Resolves: #57603
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I4979e66f28a581e168c56d91327a1bbe2672448d
Reviewed-on: https://review.typo3.org/29121
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php