[SECURITY] Prevent XSS in scheduler form 50/29150/2
authorNicole Cordes <typo3@cordes.co>
Thu, 3 Apr 2014 14:15:49 +0000 (16:15 +0200)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Fri, 4 Apr 2014 13:09:14 +0000 (15:09 +0200)
commit1329a96113909a0bc8e72d6d2aae03ff74981fb7
treefecfbf131b540cd5672732c9e580a70bf8a5cad2
parent6ae6b40cbafe57e7d8a5a37669db589fd40e6863
[SECURITY] Prevent XSS in scheduler form

The class name is submitted in a hidden form and is susceptible to XSS.
The patch introduced htmlspecialchars to prevent XSS possibility.

Resolves: #57603
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: I4979e66f28a581e168c56d91327a1bbe2672448d
Reviewed-on: https://review.typo3.org/29150
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php