[SECURITY] Fix SQL injection and XSS in record history
author Oliver Hader <oliver@typo3.org>
Thu, 8 Nov 2012 11:44:20 +0000 (12:44 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Thu, 8 Nov 2012 11:44:23 +0000 (12:44 +0100)
commit c150b2789880a9c3f72ae8347a53801e87bfe589
tree 50cbab603e92b4095bb86b648e58f19beccc7270
parent b02026ddbf7747a47e3d1ce46c2be4e460c4256d
[SECURITY] Fix SQL injection and XSS in record history

This patch fixes the SQL injection possibilities in the record
history view as well as fixing XSS possibilities. The submitted
GET/POST data gets sanitized now besides that.

Change-Id: Ia595a7f0847352afe6a6de1ed1e5173b8fa0d099
Fixes: #42696
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 1583a40f946dccb606c466656292cbfb6d5d5fc9
Security-Bulletin: TYPO3-CORE-SA-2012-005
Reviewed-on: http://review.typo3.org/16301
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/class.show_rechis.inc