[SECURITY] XSS in content element "Form" 94/46694/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Tue, 16 Feb 2016 10:43:32 +0000 (11:43 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 16 Feb 2016 10:43:54 +0000 (11:43 +0100)
commit4e639bef9fbf4b645c4ce3e6dff81a64f6f68552
treed36b4c49a1c816b9cdab273c8f9530c758659864
parenta5117093a6e8de6f783d79a129697772e7f3c9c5
[SECURITY] XSS in content element "Form"

Encode field names and options of select and radio elements.

Resolves: #25244
Releases: 6.2
Security-Commit: 7121a0c39e8801e860e29b77c6e33319bc27fd75
Security-Bulletinsp: TYPO3-CORE-SA-2016-001, 002, 003, 004
Change-Id: I2c2a1a71499ee4757b420df64a3604576d945da4
Reviewed-on: https://review.typo3.org/46694
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/frontend/Classes/ContentObject/FormContentObject.php