[SECURITY] Fix XSS in rtehtmlarea 71/45271/2
authorGeorg Ringer <georg.ringer@gmail.com>
Tue, 15 Dec 2015 10:35:20 +0000 (11:35 +0100)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:35:27 +0000 (11:35 +0100)
commitb341d8491b82c0dc59dd03500cfe88797d618e3d
tree74520fab7d849454d2a71ea7806c268179a9334b
parent5c5babc0332336d6bf5c09607cb9d439389f183e
[SECURITY] Fix XSS in rtehtmlarea

The SpellCheckingController needs to quote external parameters.

Resolves: #37399
Releases: master, 6.2
Security-Commit: 9a6fe2c031c850eb4cd357bd3a1f13becd18f48b
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I93f43a8ac8ffa28488527fd812c45e64048dfe23
Reviewed-on: https://review.typo3.org/45271
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/rtehtmlarea/Classes/Controller/SpellCheckingController.php