[SECURITY] XSS in belog module 22/45522/2
author Oliver Hader <oliver@typo3.org>
Wed, 30 Dec 2015 12:24:30 +0000 (13:24 +0100)
committer Morton Jonuschat <m.jonuschat@mojocode.de>
Wed, 30 Dec 2015 17:10:33 +0000 (18:10 +0100)
commit 3eb2e46d3ce05ee9ef00e68ea57d20506bb50314
tree 73fefb3f16c145b80910cc381e23e4c56b3f38fd
parent 1419b828c711a24136fa73e4087b71210fd48d21
[SECURITY] XSS in belog module

The username of a backend user and title of a workspace record
miss accordant escaping if being rendered in the belog module.

Since this has only impact on admin users in the backend, the
fix is handled in public instead of a security release.

Resolves: #72475
Releases: master, 7.6, 6.2
Change-Id: Ib165f8ef849a641984fc5fb834b30983f7b63a54
Reviewed-on: https://review.typo3.org/45519
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de>
Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de>
(cherry picked from commit 056323e9141c9028d07c1e12543584e03b5f0c9e)
Reviewed-on: https://review.typo3.org/45522
typo3/sysext/belog/Classes/ViewHelpers/UsernameViewHelper.php
typo3/sysext/belog/Classes/ViewHelpers/WorkspaceTitleViewHelper.php