[SECURITY] XSS in install tool
author Mario Rimann <mario.rimann@typo3.org>
Wed, 15 Aug 2012 10:19:18 +0000 (12:19 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:19:21 +0000 (12:19 +0200)
commit 7a839a305707201dfda4e411f72c61ecc8b99724
tree 880bc93f6eceb9b3ff22b4ba41c0cbb655653e8c
parent 2ae69c8a8b9d21009a93f27c798ea3028b76ee59
[SECURITY] XSS in install tool

In the "Basic Configuration" section, some configuration values are
rendered without proper escaping both as input fields and as
regular content of the page. These values are htmlspecialchars-
treated now.

For the "All Configuration" form, all input fields and text area fields now get htmlspecialchars-treated.

Change-Id: Ic40340c9d0a4242d31a7202c140b9ba0d1f88184
Fixes: #21634
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 3b42f81101b537481734204308ad7ce99fd99cb5
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13754
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/install/mod/class.tx_install.php
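
The kind of output escaping the commit message describes, as an added example that is not code from class.tx_install.php or from the TYPO3 project: a configuration value rendered into an input field without and with htmlspecialchars(), plus a textarea, with the rendered markup parsed back to check that the value stayed inside its field. All function names, field names and sample values are hypothetical and constructed for this illustration.

```php
<?php
// Added illustration; not TYPO3 code. All names below are hypothetical.

function esc(string $v): string
{
    // ENT_QUOTES encodes both quote styles, so the result is safe in any
    // quoted attribute as well as in element content.
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before" pattern: the value is concatenated into the markup as-is.
function inputRaw(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// "After" pattern: every dynamic part is escaped at output time.
function inputEscaped(string $name, string $value): string
{
    return '<input type="text" name="' . esc($name) . '" value="' . esc($value) . '" />';
}

function textareaEscaped(string $name, string $value): string
{
    return '<textarea name="' . esc($name) . '">' . esc($value) . '</textarea>';
}

// Parse rendered markup and return the first element with the given tag.
function firstElement(string $html, string $tag): DOMElement
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    return $doc->getElementsByTagName($tag)->item(0);
}

// Constructed sample values containing HTML metacharacters.
$siteName = 'Demo" data-extra="1';
$notes = "first line\n</textarea><b>outside the field</b>";

$raw  = firstElement(inputRaw('sitename', $siteName), 'input');
$safe = firstElement(inputEscaped('sitename', $siteName), 'input');
$area = firstElement(textareaEscaped('notes', $notes), 'textarea');

var_dump($raw->hasAttribute('data-extra'));           // did the raw value create a stray attribute?
var_dump($safe->getAttribute('value') === $siteName); // does the escaped value round-trip intact?
var_dump($area->textContent === $notes);              // did the textarea content stay inside the field?
```

The three checks can be kept as a regression test for any form renderer that echoes stored configuration back into input and textarea fields.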