[SECURITY] XSS in TCE forms
authorChristian Kuhn <lolli@schwarzbu.ch>
Wed, 15 Aug 2012 10:21:47 +0000 (12:21 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 15 Aug 2012 10:21:53 +0000 (12:21 +0200)
commiteb7eb17c663f75936ebf9d05c0e3d45fad925726
tree5de5317eb12b519b6a772d1004b6b63511a58e46
parente922b56ef55f8fe7a8112a7dd2671dcd0b055372
[SECURITY] XSS in TCE forms

Properly encode field labels that are set via TSConfig.

Fixes: #25356
Releases: 6.0, 4.7, 4.6, 4.5

Change-Id: Ie61322d25c28cf953d3662fbd78febf64a21a970
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13771
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
t3lib/class.t3lib_tceforms.php
t3lib/class.t3lib_tceforms_inline.php
t3lib/tceforms/class.t3lib_tceforms_flexforms.php