[SECURITY] XSS in install tool
author Mario Rimann <mario.rimann@typo3.org>
Wed, 15 Aug 2012 10:22:16 +0000 (12:22 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:22:22 +0000 (12:22 +0200)
commit 5f0d3e4ecccc055adb87082b10371f448bfb8efd
tree 6e104794c49d4aa15aa2b9efb5b4b6377b4d0588
parent 14f9a48ecb0c7bcfc12b5c98fbc68b5724250174
[SECURITY] XSS in install tool

In the "Basic Configuration" section, some configuration values are
rendered without proper escaping either as input fields or as
regular content of the page. These values are htmlspecialchars-
treated now.

For the "All Configuration" form, all input fields and text area fields now get htmlspecialchars-treated.

Change-Id: I141efa5ad610bda4608f65c136af472cc3c4ec73
Fixes: #21634
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 1063d380e3532b69c24800f20b1127af70f820a0
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13774
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/install/mod/class.tx_install.php
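
The class of fix the commit message describes, as an added illustration that is not code from this commit or from class.tx_install.php: a stored configuration value rendered into an input field, a text area and regular page content, unescaped and then escaped with htmlspecialchars. The function names and the sample value are hypothetical.

```php
<?php
// Added illustration; function names and the sample value are constructed,
// not taken from class.tx_install.php.

/** Escape a value for HTML text and quoted-attribute contexts. */
function esc(string $value): string
{
    // ENT_QUOTES is passed explicitly: before PHP 8.1 the default flag was
    // ENT_COMPAT, which leaves single quotes unescaped.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Unescaped rendering: the stored value is concatenated into markup as-is. */
function renderFieldUnescaped(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

/** Escaped rendering: name and value are escaped at output time. */
function renderFieldEscaped(string $name, string $value): string
{
    return '<input type="text" name="' . esc($name) . '" value="' . esc($value) . '" />';
}

/** A textarea body is text up to the closing tag, so it needs escaping too. */
function renderTextareaEscaped(string $name, string $value): string
{
    return '<textarea name="' . esc($name) . '">' . esc($value) . '</textarea>';
}

// Constructed configuration value containing markup-significant characters.
$stored = 'Site "A" <b>& \'B\'</b></textarea>';

// Unescaped: the value attribute is cut short at the first double quote.
echo renderFieldUnescaped('sitename', $stored), PHP_EOL;
// Escaped: the same value in all three output contexts.
echo renderFieldEscaped('sitename', $stored), PHP_EOL;
echo renderTextareaEscaped('sitename', $stored), PHP_EOL;
echo '<p>Current value: ', esc($stored), '</p>', PHP_EOL;

// Escaping happens at output only; decoding restores the stored value exactly.
assert(htmlspecialchars_decode(esc($stored), ENT_QUOTES) === $stored);
// No raw markup or quote characters survive escaping.
assert(strpbrk(esc($stored), '<>"\'') === false);
```

This escaping covers HTML text and quoted attribute values; values placed in unquoted attributes, URLs or inline script need context-specific handling instead.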