[SECURITY] XSS in TCE forms
authorChristian Kuhn <lolli@schwarzbu.ch>
Wed, 15 Aug 2012 10:17:48 +0000 (12:17 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:17:51 +0000 (12:17 +0200)
commit6840097bdadcfd7fb8ad360f70752023fe0f834b
tree4099bebe0efd6cd1d161aa6ddd265e3a6274237e
parentfb1e2048e8bd9058bf742da057230916a2121e6d
[SECURITY] XSS in TCE forms

Properly encode field labels that are set via TSConfig.

Fixes: #25356
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Ic41ce41cf8babd27867e71764173cf4e6524843e
Security-Commit: efdf638fa6f2971d62195aa40137e19a89884a2b
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13741
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_tceforms.php
t3lib/class.t3lib_tceforms_inline.php
t3lib/tceforms/class.t3lib_tceforms_flexforms.php