[BUGFIX] Properly escape data in SelectImage 27/40327/2
authorWouter Wolters <typo3@wouterwolters.nl>
Tue, 16 Jun 2015 18:32:16 +0000 (20:32 +0200)
committerMarkus Klein <markus.klein@typo3.org>
Thu, 18 Jun 2015 20:56:55 +0000 (22:56 +0200)
Resolves: #67527
Releases: master
Change-Id: Id4e80a03a9553eab742e3dd1b44117e04a5180b7
Reviewed-on: http://review.typo3.org/40327
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/rtehtmlarea/Classes/SelectImage.php

index 998be9c..a1b3277 100644 (file)
@@ -136,11 +136,11 @@ class SelectImage extends \TYPO3\CMS\Recordlist\Browser\ElementBrowser {
                        Tree.ajaxID = "SC_alt_file_navframe::expandCollapse";
                }');
                $this->doc->getPageRenderer()->loadRequireJsModule('TYPO3/CMS/Rtehtmlarea/Modules/SelectImage', 'function(SelectImage) {
-                       SelectImage.editorNo = "' . $this->editorNo . '";
-                       SelectImage.act = "' . ($this->act ?: reset($this->allowedItems)) . '";
-                       SelectImage.sys_language_content = "' . $this->sys_language_content . '";
-                       SelectImage.RTEtsConfigParams = "' . rawurlencode($this->RTEtsConfigParams) . '";
-                       SelectImage.bparams = "' . $this->bparams . '";
+                       SelectImage.editorNo = ' . GeneralUtility::quoteJSvalue($this->editorNo) . ';
+                       SelectImage.act = ' . GeneralUtility::quoteJSvalue(($this->act ?: reset($this->allowedItems))) . ';
+                       SelectImage.sys_language_content = ' . GeneralUtility::quoteJSvalue($this->sys_language_content) . ';
+                       SelectImage.RTEtsConfigParams = ' . GeneralUtility::quoteJSvalue(rawurlencode($this->RTEtsConfigParams)) . ';
+                       SelectImage.bparams = ' . GeneralUtility::quoteJSvalue($this->bparams) . ';
                }');
                $this->doc->getPageRenderer()->addCssFile($this->doc->backPath . \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extRelPath('t3skin') . 'rtehtmlarea/htmlarea.css');
                $this->doc->getContextMenuCode();
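Review bot: The `SelectImage.act` line wraps its argument in a redundant second pair of parentheses; `SelectImage.act = ' . GeneralUtility::quoteJSvalue($this->act ?: reset($this->allowedItems)) . ';` reads the same as the other four added lines. The new lines reference `GeneralUtility` unqualified while the unchanged line just below still spells out `\TYPO3\CMS\Core\Utility\ExtensionManagementUtility` in full, so please confirm a `use TYPO3\CMS\Core\Utility\GeneralUtility;` import exists at the top of the file (not visible in this hunk) or qualify the class the same way. The enclosing method starts before this hunk.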
@@ -276,7 +276,7 @@ class SelectImage extends \TYPO3\CMS\Recordlist\Browser\ElementBrowser {
        <title>Untitled</title>
        <script type="text/javascript">
        /*<![CDATA[*/
-               var plugin = window.parent.RTEarea["' . $this->editorNo . '"].editor.getPlugin("TYPO3Image");
+               var plugin = window.parent.RTEarea[' . GeneralUtility::quoteJSvalue($this->editorNo) . '].editor.getPlugin("TYPO3Image");
                var imageTags = [];
                function insertImage(file,width,height,alt,title,additionalParams) {
                        imageTags.push(\'<img src="\'+file+\'" width="\'+parseInt(width)+\'" height="\'+parseInt(height)+\'"\'' . ($this->defaultClass ? '+\' class="' . $this->defaultClass . '"\'' : '') . '+(alt?\' alt="\'+alt+\'"\':\'\')+(title?\' title="\'+title+\'"\':\'\')+(additionalParams?\' \'+additionalParams:\'\')+\' />\');
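Review bot: The last context line of this hunk still concatenates `$this->defaultClass` raw into the generated JavaScript string literal (inside the `class="…"` attribute of the pushed `<img>` markup), so the escaping this commit introduces for `editorNo` one line above is not applied to the other PHP value emitted into the same script block. Where that value comes from is not visible here (presumably RTE configuration), but a single quote or `</script>` in it would break out of the JS string, so it should be emitted through the same helper, for example `($this->defaultClass ? '+\' class="\'+' . GeneralUtility::quoteJSvalue(htmlspecialchars($this->defaultClass)) . '+\'"\'' : '')`, which keeps the attribute value HTML-escaped and the JS literal intact. The enclosing method starts before this hunk and continues after it.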