[!!!][SECURITY] XSS in filelink element
authorGeorg Ringer <mail@ringerge.org>
Wed, 28 Mar 2012 11:56:54 +0000 (13:56 +0200)
committerOliver Hader <oliver@typo3.org>
Wed, 28 Mar 2012 11:56:56 +0000 (13:56 +0200)
commit667a9c43d97485d72df089f57caa399899f44edd
treeb673a01dc865f8f157cdebcd9b931a744c6db910
parentbaef952ad0c4d3eac26a1311b2223863ec6c41fe
[!!!][SECURITY] XSS in filelink element

Add escaping to description and file name of file link content element.
Warning: There is no longer HTML possible in description!

Change-Id: Id9da65e927080db4e548811f9a82e0cf7e88e214
Fixes: #25246
Releases: 6.0, 4.7, 4.6, 4.5, 4.4
Security-Review: http://review.typo3.org/7236
Security-Commit: a4006c10b5ac505a951131bbe3166a4271c62268
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10038
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/css_styled_content/pi1/class.tx_cssstyledcontent_pi1.php
typo3/sysext/css_styled_content/static/v3.8/setup.txt
typo3/sysext/css_styled_content/static/v3.9/setup.txt
typo3/sysext/css_styled_content/static/v4.2/setup.txt
typo3/sysext/css_styled_content/static/v4.3/setup.txt
typo3/sysext/css_styled_content/static/v4.4/setup.txt
typo3/sysext/css_styled_content/static/v4.5/setup.txt
typo3/sysext/css_styled_content/static/v4.6/setup.txt