[SECURITY] Fix SQL injection and XSS in record history
author Oliver Hader <oliver@typo3.org>
Thu, 8 Nov 2012 11:44:57 +0000 (12:44 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Thu, 8 Nov 2012 11:45:01 +0000 (12:45 +0100)
commit a0ede7db1fb32e4c8f776a78714923b7cc8ee1ca
tree 18472be128b1f465dfff9ac432f3124629e46565
parent 74c2aabf6811b105a5fcdfa20b282a55adeef60e
[SECURITY] Fix SQL injection and XSS in record history

This patch fixes the SQL injection possibilities in the record
history view as well as fixing XSS possibilities. The submitted
GET/POST data gets sanitized now besides that.

Change-Id: Ia92b5f7a2244412f87d9affdd73d2e0a6f7076ef
Fixes: #42696
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: a386933537b6193d3a3d7173721c5b3b961a7f0d
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16307
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/backend/Classes/History/RecordHistory.php