[SECURITY] Fix SQL injection and XSS in record history
author Oliver Hader <oliver@typo3.org>
Thu, 8 Nov 2012 11:44:02 +0000 (12:44 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Thu, 8 Nov 2012 11:44:05 +0000 (12:44 +0100)
commit 5245e0972553d4d2b3eed0e52d6bc44bebb60605
tree a54d190c06d2a96a8250e99ca4633a6693be0a9a
parent ab335bc082bd491e5ce7d81e5e80f10ec0d12af7

This patch fixes the SQL injection possibilities in the record
history view as well as fixing XSS possibilities. The submitted
GET/POST data gets sanitized now besides that.

Change-Id: I033b296da0849736c989cfc1bb92e43546164b9c
Fixes: #42696
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 2bcfe757e38f326f3e7d8a52428f94f3945f9aa9
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16298
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/class.show_rechis.inc