[SECURITY] XSS in TCA Tree
authorOliver Hader <oliver@typo3.org>
Thu, 8 Nov 2012 11:43:56 +0000 (12:43 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 8 Nov 2012 11:43:59 +0000 (12:43 +0100)
commitab335bc082bd491e5ce7d81e5e80f10ec0d12af7
treecbb593921f7fcdc205fc054c94bf4f6025b7f1b2
parenta768d97c4c93197563bbc148ff0ed1baacc0d0d3
[SECURITY] XSS in TCA Tree

Properly html encode the label of tree nodes.

Fixes: #42774
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: I07bdff99b6f46535f376d518d459f0ebe6fd41ee
Security-Commit: 761f80c1cf733d44e9f02cbecb55d42dc1d741b2
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16297
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/tree/renderer/class.t3lib_tree_renderer_extjsjson.php
t3lib/tree/renderer/class.t3lib_tree_renderer_unorderedlist.php