[SECURITY] Escape the link text in EmailViewHelper 65/49065/2
authorWouter Wolters <typo3@wouterwolters.nl>
Tue, 19 Jul 2016 10:15:53 +0000 (12:15 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 19 Jul 2016 10:15:55 +0000 (12:15 +0200)
commit162673231dd56eb1a7adc6eaf85ea1044d5c1dd0
treef80370970faae6cc27b556cebf5f827f212b884b
parent7dc9baf9e4399d008084e490c1b6771aac0ccef4
[SECURITY] Escape the link text in EmailViewHelper

The content of the email link is not escaped correctly.
This leads to XSS in the EmailViewHelper.

Resolves: #76344
Releases: master,7.6,6.2
Security-Commit: a775018a6bfceae85297460c1134c2ec431edbcf
Security-Bulletins: TYPO3-CORE-SA-2016-014, 015, 016, 017, 018
Change-Id: I7f06b1aefc33fc59fdc9d5cb477c1824acf1e07c
Reviewed-on: https://review.typo3.org/49065
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/fluid/Classes/ViewHelpers/Link/EmailViewHelper.php
typo3/sysext/fluid/Tests/Unit/ViewHelpers/Link/EmailViewHelperTest.php
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php