[SECURITY] Escape the link text in EmailViewHelper 78/49078/2
authorWouter Wolters <typo3@wouterwolters.nl>
Tue, 19 Jul 2016 10:17:32 +0000 (12:17 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 19 Jul 2016 10:17:36 +0000 (12:17 +0200)
commitbf04086ea2cfec322d329b9e52bf1cc569d3b5d6
tree6c09a9ded68552d8f0bf4f9f17e864ff23b10bfb
parente4cfac074d09b2ac6304418a2491e222aadbae57
[SECURITY] Escape the link text in EmailViewHelper

The content of the email link is not escaped correctly.
This leads to XSS in the EmailViewHelper.

Resolves: #76344
Releases: master,7.6,6.2
Security-Commit: 02176ebafd54220201f751b46b54761c9a39d92e
Security-Bulletins: TYPO3-CORE-SA-2016-014, 015, 016, 017, 018
Change-Id: I9ec59b202de39525370a1eeb7f03f1e71a823224
Reviewed-on: https://review.typo3.org/49078
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/fluid/Classes/ViewHelpers/Link/EmailViewHelper.php
typo3/sysext/fluid/Tests/Unit/ViewHelpers/Link/EmailViewHelperTest.php
typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php