[SECURITY] Fix select_key XSS in PageLayoutView 24/49924/2
author Georg Ringer <georg.ringer@gmail.com>
Tue, 13 Sep 2016 09:53:06 +0000 (11:53 +0200)
committer Oliver Hader <oliver.hader@typo3.org>
Tue, 13 Sep 2016 09:53:08 +0000 (11:53 +0200)
Apply htmlspecialchars() to avoid an XSS when rendering
the value of select_key.

Resolves: #77906
Releases: master, 8.3, 7.6, 6.2
Security-Commit: 8d0323fbb51c054f353feee77ee8b07471ded984
Security-Bulletins: TYPO3-CORE-SA-2016-020, 021
Change-Id: I165621549d516b52344bdb0e806fdc0434b47085
Reviewed-on: https://review.typo3.org/49924
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/backend/Classes/View/PageLayoutView.php

index c29b5bd..4829699 100644
@@ -1817,7 +1817,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                         }
                     } elseif (!empty($row['select_key'])) {
                         $out .= htmlspecialchars($this->getLanguageService()->sL(BackendUtility::getItemLabel('tt_content', 'select_key')))
-                            . ' ' . $row['select_key'] . '<br />';
+                            . ' ' . htmlspecialchars($row['select_key']) . '<br />';
                     } else {
                         $out .= '<strong>' . $this->getLanguageService()->getLL('noPluginSelected') . '</strong>';
                     }
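Review bot: the escaping is applied at the right place, the one remaining unescaped string in this hunk is the `getLL('noPluginSelected')` label in the `else` branch, which is concatenated into `<strong>…</strong>` raw while the `sL(...)` label two lines above it is wrapped in htmlspecialchars(); for consistency, and so the next person does not have to reason about where each label comes from, wrap it the same way, e.g. `'<strong>' . htmlspecialchars($this->getLanguageService()->getLL('noPluginSelected')) . '</strong>'`. On the fixed line itself, htmlspecialchars() with default flags is sufficient because `$row['select_key']` lands in element text content between the label and `<br />`; if this value is ever moved into a single-quoted attribute, ENT_QUOTES would be needed, since the default flags leave `'` untouched on the PHP versions these branches (6.2, 7.6, 8.3) run on.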