[SECURITY] Fix select_key XSS in PageLayoutView 24/49924/2
authorGeorg Ringer <georg.ringer@gmail.com>
Tue, 13 Sep 2016 09:53:06 +0000 (11:53 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 13 Sep 2016 09:53:08 +0000 (11:53 +0200)
commit2918d14e505c9f0043db7ee9c19311bd06a0ab08
tree5eb8ddf07d63cea88db916f55e1e106af444aac2
parenta6ba5524f4d5fe28c15883cd7990e0f14c2f3e61
[SECURITY] Fix select_key XSS in PageLayoutView

Apply htmlspecialchars() to avoid a XSS when rendering
the value of select_key.

Resolves: #77906
Releases: master, 8.3, 7.6, 6.2
Security-Commit: 8d0323fbb51c054f353feee77ee8b07471ded984
Security-Bulletins: TYPO3-CORE-SA-2016-020, 021
Change-Id: I165621549d516b52344bdb0e806fdc0434b47085
Reviewed-on: https://review.typo3.org/49924
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/backend/Classes/View/PageLayoutView.php