[SECURITY] XSS in TCE forms
authorChristian Kuhn <lolli@schwarzbu.ch>
Wed, 15 Aug 2012 10:18:56 +0000 (12:18 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:19:00 +0000 (12:19 +0200)
commit9b2b8fb90d2f06ec59661250d19195c51e2a767c
treedd99056939754864090724d9c49963703133356b
parent63766433ecce254efc887606a884a371c02afdb0
[SECURITY] XSS in TCE forms

Properly encode field labels that are set via TSConfig.

Fixes: #25356
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I23fc1de4ceeab54e1d3d97bc27870a0c070b6038
Security-Commit: 8ddba7927a643e94b491cafd5f348551fdea84ca
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13751
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_tceforms.php
t3lib/class.t3lib_tceforms_inline.php
t3lib/tceforms/class.t3lib_tceforms_flexforms.php