[SECURITY] Possible XSS in felogin messages 67/45267/2
author Georg Ringer <mail@ringerge.org>
Tue, 15 Dec 2015 10:34:15 +0000 (11:34 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:34:24 +0000 (11:34 +0100)
commit 419e986fb5987d88d000e5208269f4bdcf187bce
tree cc779762712719cc41261af37cb1360e1b26eee7
parent c4408745585dd4262aedf73565440d886cfb300a
[SECURITY] Possible XSS in felogin messages

Change default TypoScript to encode messages in felogin
with htmlspecialchars.

Fix two occurrences of _LOCAL_LANG messages where htmlspecialchars
was missing.

Resolves: #25243
Releases: master, 6.2
Security-Commit: dd8cdadc5ff64ff415035490646e8cf2578ee396
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I186f8cb344b9b16f38d11926529a52e7ed4c831d
Reviewed-on: https://review.typo3.org/45267
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php
typo3/sysext/felogin/ext_typoscript_setup.txt