[SECURITY] Escape caption of media using css_styled_content 73/45273/2
authorGeorg Ringer <georg.ringer@gmail.com>
Tue, 15 Dec 2015 10:35:47 +0000 (11:35 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:35:52 +0000 (11:35 +0100)
commit420f5ed967931b085be2f548a82b654ae0177694
treee7fc6c5d303cb29301fe44b35aaa0c14800b606b
parent7e4bdf48988191043a65880c72190c4130c1f0e0
[SECURITY] Escape caption of media using css_styled_content

The caption must be escaped. As this is only a textarea, the parsefunc
is not needed.

Furthermore, the fields "altText" and "titleText" use htmlspecialchars instead of stripHtml.

Resolves: #41690
Releases: master, 6.2
Security-Commit: 8b11cfd8fba0c68effad41f4fdc07f4b593a62cc
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: Ia32b37e93cbe3d5f171a7986fb17539d84e99325
Reviewed-on: https://review.typo3.org/45273
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/css_styled_content/static/setup.txt
typo3/sysext/css_styled_content/static/v4.5/setup.txt
typo3/sysext/css_styled_content/static/v4.6/setup.txt
typo3/sysext/css_styled_content/static/v4.7/setup.txt
typo3/sysext/css_styled_content/static/v6.0/setup.txt
typo3/sysext/css_styled_content/static/v6.1/setup.txt