* Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
* Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
* Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer)
+ * Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
2010-07-27 Steffen Kamper <steffen@typo3.org>
// Traverse languages
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,title,flag', 'sys_language', 'pid=0' . self::deleteClause('sys_language'));
while($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
- $sysLanguages[] = array($row['title'].' ['.$row['uid'].']', $row['uid'], ($row['flag'] ? 'flags/'.$row['flag'] : ''));
+ $sysLanguages[] = array(
+ htmlspecialchars($row['title']) . ' [' . $row['uid'] . ']',
+ $row['uid'],
+ ($row['flag'] ? 'flags/' . $row['flag'] : '')
+ );
}
$GLOBALS['TYPO3_DB']->sql_free_result($res);
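Review bot: The third element of the new array still passes `$row['flag']` through unescaped, although it comes from the same `sys_language` record as the title that is now wrapped in `htmlspecialchars()`. The consumer of `$sysLanguages` is not visible in this hunk, so if it writes that path into an icon attribute without encoding, the same class of XSS remains. Either confirm the consumer escapes it, or encode it here too: `($row['flag'] ? 'flags/' . htmlspecialchars($row['flag']) : '')`. Because the label is now escaped at collection time rather than at output, a comment such as `// title is HTML-escaped here; callers must not escape the label again` would prevent later double-encoding or accidental removal of the fix. The enclosing function starts and ends outside the hunk.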