[SECURITY] XSS in install tool
author Mario Rimann <mario.rimann@typo3.org>
Wed, 15 Aug 2012 10:18:08 +0000 (12:18 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:18:11 +0000 (12:18 +0200)
commit 76748b7a30d8a714aa5fada4094d3a0b89a116b5
tree 632e987def19ee368d52cd0fec0a97412f4539a8
parent 85df0e458545e00f9c4fc7fcadec8256a0dbb0ad
[SECURITY] XSS in install tool

In the "Basic Configuration" section, some configuration values are
rendered without proper escaping both as input fields and as
regular content of the page. These values are
htmlspecialchars-treated now.

For the "All Configuration" form, all input fields and text area fields now get htmlspecialchars-treated.

Change-Id: Iba8a37ad24557f1af6772af8596660cab8d4bf7f
Fixes: #21634
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 835221d1b9b4f50a0769a5ed1f0116993b87da9c
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13744
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/install/mod/class.tx_install.php
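
The output escaping the commit message describes, as an added example that is not taken from this commit or from class.tx_install.php. The function names, configuration keys and sample values are hypothetical and constructed for illustration; the code assumes PHP 7 or later.

```php
<?php
// Added illustration; not code from class.tx_install.php.
// renderFieldUnsafe(), renderField() and the sample keys are hypothetical.

/** "Before" pattern: the stored value is concatenated into markup as-is. */
function renderFieldUnsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

/**
 * "After" pattern: escape at output time, in every place the value lands
 * (attribute value, textarea body, plain page content).
 */
function renderField(string $name, string $value, bool $multiline = false): string
{
    // ENT_QUOTES also encodes single quotes, so the result is safe inside
    // both "..." and '...' attribute values.
    $n = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    $v = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    if ($multiline) {
        return '<textarea name="' . $n . '">' . $v . '</textarea>';
    }
    return '<input type="text" name="' . $n . '" value="' . $v . '" />';
}

// Constructed sample values, as they might sit in a stored configuration.
$config = [
    'sitename'  => 'Demo" autofocus onfocus="alert(1)',     // leaves value="..."
    'adminNote' => '</textarea><script>alert(1)</script>',  // leaves <textarea>
];

echo renderFieldUnsafe('sitename', $config['sitename']), "\n"; // attribute injected
echo renderField('sitename', $config['sitename']), "\n";        // inert text
echo renderField('adminNote', $config['adminNote'], true), "\n";

// Check: no raw quote or angle bracket from a value survives escaping.
foreach ($config as $key => $value) {
    $escaped = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    assert(strpbrk($escaped, '<>"\'') === false);
}
```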