Fixed bug #14950: XSS in t3editor (thanks to Tobias Liebig)
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:54:03 +0000 (08:54 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:54:03 +0000 (08:54 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@8329 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/t3editor/class.tx_t3editor.php

index 8a944c7..dacd553 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,7 @@
        * Fixed bug #14978: XSS in file tree (thanks to Georg Ringer)
        * Fixed bug #13292: TYPO3 error message reveals path to web root (thanks to Xavier Perseguers)
        * Fixed bug #11618: XSS vulnerability in install tool / BE login (thanks to Georg Ringer)
+       * Fixed bug #14950: XSS in t3editor (thanks to Tobias Liebig)
 
 2010-07-21  Ingo Renner  <ingo@typo3.org>
 
index 90aa43a..4318b69 100755 (executable)
@@ -167,6 +167,7 @@ class tx_t3editor {
                        $this->editorCounter++;
 
                        $class .= ' t3editor';
+                       $alt = htmlspecialchars($alt);
                        if (!empty($alt)) {
                                $alt = ' alt="' . $alt . '"';
                        }
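Review bot: The added `htmlspecialchars($alt)` call uses the default quote flag, which on the PHP versions of this branch's era is ENT_COMPAT and escapes `"` but not `'`, so it protects only as long as the value stays inside the double-quoted `alt="…"` built two lines below. Escaping where the attribute is assembled and naming the flag keeps the encoding and the quoting style together: `$alt = ' alt="' . htmlspecialchars($alt, ENT_QUOTES) . '"';` inside the `if`, with the `!empty()` test left on the raw value. `$class` is extended in the same hunk and presumably ends up in a `class` attribute further down; that output is not visible here, so it should be checked for the same encoding before this is considered a complete fix. The enclosing method starts and ends outside the hunk.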