* Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
* Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
* Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)
+ * Fixed bug #12306: XSS vulnerability in module dispatcher
2009-10-21 Sebastian Kurfuerst <sebastian@typo3.org>
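Review bot: The new ChangeLog entry for #12306 says only "module dispatcher" and does not say which input was affected, while the neighbouring entries name the function or the file and parameter (for example "view_help.php / tfID parameter"). Naming the affected parameters would make the entry as useful as the others to someone auditing which releases carry the fix. The entry also has no credit, where the three entries above it each carry one; add it if there was a reporter.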
if ($module) {
$this->mainJScode.='
// open in module:
- top.goToModule(\''.$module.'\',false,\''.$params.'\');
+ top.goToModule(\''.$module.'\',false,'.t3lib_div::quoteJSvalue($params).');
';
}
}
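Review bot: In the changed `top.goToModule(` line, `$module` is still concatenated raw between `\'` quotes while only `$params` now goes through `t3lib_div::quoteJSvalue()`. Nothing in this hunk shows `$module` being validated beyond the `if ($module)` truthiness check, so a value containing a single quote would still break out of the JavaScript string. Either pass `$module` through `t3lib_div::quoteJSvalue()` as well and drop its surrounding quotes, or add a comment pointing to where it is checked against the list of registered modules.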
});
}
- startInModule(\''.$startModule.'\', false, \''.$moduleParameters.'\');
+ startInModule(\''.$startModule.'\', false, '.t3lib_div::quoteJSvalue($moduleParameters).');
';
}
}
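Review bot: The `startInModule(` call has the same gap as the previous hunk: `$moduleParameters` is now quoted with `t3lib_div::quoteJSvalue()`, but `$startModule` is still placed directly inside `\'...\'`. If `$startModule` can be influenced by the request, it needs the same treatment; if it is already restricted to known module names before this point, say so in a comment, since that is not visible here. A regression test that feeds both arguments a value containing `'` and `</script>` would cover this hunk and the previous one.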