[BUGFIX] XSS in admin panel
authorGeorg Ringer <mail@ringerge.org>
Wed, 27 Jul 2011 10:28:29 +0000 (12:28 +0200)
committerOliver Hader <oliver@typo3.org>
Wed, 27 Jul 2011 10:29:47 +0000 (12:29 +0200)
Change-Id: I3160ce9fbb5bb8aa97b28e1c0c4d4efd86c7fb7d
Resolves: #21589
Reviewed-on: http://review.typo3.org/3745
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/cms/tslib/class.tslib_adminpanel.php

index 4bf7bed..73cb6fc 100644 (file)
@@ -303,7 +303,7 @@ class tslib_AdminPanel {
                $row = '<img src="' . TYPO3_mainDir . 'gfx/ol/blank.gif" width="18" height="16" align="absmiddle" border="0" alt="" />';
                $row .= '<img src="' . TYPO3_mainDir . 'gfx/ol/' . ($GLOBALS['BE_USER']->uc['TSFE_adminConfig']['display_top']?'minus':'plus') . 'bullet.gif" width="18" height="16" align="absmiddle" border="0" alt="" />';
                $row .= '<strong>' . $this->extFw($this->extGetLL('adminOptions')) . '</strong>';
-               $row .= $this->extFw(': ' . $GLOBALS['BE_USER']->user['username']);
+               $row .= $this->extFw(': ' . htmlspecialchars($GLOBALS['BE_USER']->user['username']));
 
                $header = '
                        <tr class="typo3-adminPanel-hRow" style="background-color: #9ba1a8; cursor: move;">
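Review bot: The new `htmlspecialchars()` call on the added line uses the default flags, so single quotes pass through unescaped (ENT_COMPAT); that is enough for the text-node context shown here, but it silently becomes insufficient if `extFw()` or the `$header` markup assembled below ever places this string inside a single-quoted attribute. Passing the flags explicitly makes the escaping context-independent and self-documenting: `$row .= $this->extFw(': ' . htmlspecialchars($GLOBALS['BE_USER']->user['username'], ENT_QUOTES));`. Since the username comes from the `be_users` row and is set by other backend users, any other place in this class that echoes `$GLOBALS['BE_USER']->user[...]` fields presumably has the same issue and is worth a grep before closing the ticket. The enclosing method starts before and continues past this hunk, so whether `extFw()` itself escapes its argument cannot be confirmed from here.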