Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8363 709f56b5-9817-0410-a4d7-c38de5d9e867

diff --git a/ChangeLog b/ChangeLog
index 3a482f5..93168ef 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,7 @@
        * Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
        * Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
        * Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer)
+       * Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
 
 2010-07-27  Steffen Kamper  <steffen@typo3.org>
 

diff --git a/t3lib/class.t3lib_befunc.php b/t3lib/class.t3lib_befunc.php
index 71a3e58..33b15d6 100644 (file)
--- a/t3lib/class.t3lib_befunc.php
+++ b/t3lib/class.t3lib_befunc.php
@@ -868,7 +868,11 @@ final class t3lib_BEfunc {
                        // Traverse languages
                $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,title,flag', 'sys_language', 'pid=0' . self::deleteClause('sys_language'));
                while($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
-                       $sysLanguages[] = array($row['title'].' ['.$row['uid'].']', $row['uid'], ($row['flag'] ? 'flags/'.$row['flag'] : ''));
+                       $sysLanguages[] = array(
+                               htmlspecialchars($row['title']) . ' [' . $row['uid'] . ']',
+                               $row['uid'],
+                               ($row['flag'] ? 'flags/' . $row['flag'] : '')
+                       );
                }
                $GLOBALS['TYPO3_DB']->sql_free_result($res);