Fixed bug #15289: Element-Browser page tree has HSC'ed <span> elements

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8470 709f56b5-9817-0410-a4d7-c38de5d9e867

diff --git a/ChangeLog b/ChangeLog
index abb9cc7..622dd8d 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-08-02  Oliver Hader  <oliver@typo3.org>
+
+       * Fixed bug #15289: Element-Browser page tree has HSC'ed <span> elements
+
 2010-08-01  Oliver Hader  <oliver@typo3.org>
 
        * Fixed bug #15321: Unused variable $warningItems in tx_install (thanks to Markus Klein)

diff --git a/t3lib/class.t3lib_browsetree.php b/t3lib/class.t3lib_browsetree.php
index 52af3c0..5d1a333 100644 (file)
--- a/t3lib/class.t3lib_browsetree.php
+++ b/t3lib/class.t3lib_browsetree.php
@@ -162,7 +162,7 @@ class t3lib_browseTree extends t3lib_treeView {
                        $rows = $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('domainName,sorting', 'sys_domain',
                                                'pid=' . $GLOBALS['TYPO3_DB']->quoteStr($row['uid'], 'sys_domain'), '', 'sorting', 1);
                        if (is_array($rows) && count($rows) > 0) {
-                               $title = sprintf('%s [%s]', $title, $rows[0]['domainName']);
+                               $title = sprintf('%s [%s]', $title, htmlspecialchars($rows[0]['domainName']));
                        }
                }
                return $title;

diff --git a/typo3/class.browse_links.php b/typo3/class.browse_links.php
index 9774586..648f918 100644 (file)
--- a/typo3/class.browse_links.php
+++ b/typo3/class.browse_links.php
@@ -423,8 +423,6 @@ class TBE_PageTree extends localPageTree {
         * @return      string          Wrapping title string.
         */
        function wrapTitle($title,$v,$ext_pArrPages)    {
-               $title = htmlspecialchars($title);
-
                if ($ext_pArrPages)     {
                        $ficon=t3lib_iconWorks::getIcon('pages',$v);
                        $onClick = "return insertElement('pages', '".$v['uid']."', 'db', ".t3lib_div::quoteJSvalue($v['title']).", '', '', '".$ficon."','',1);";
@@ -472,8 +470,6 @@ class localFolderTree extends t3lib_folderTree {
         * @return      string          Wrapping title string.
         */
        function wrapTitle($title,$v)   {
-               $title = htmlspecialchars($title);
-
                if ($this->ext_isLinkable($v))  {
                        $aOnClick = 'return jumpToUrl(\''.$this->thisScript.'?act='.$GLOBALS['SOBE']->browser->act.'&mode='.$GLOBALS['SOBE']->browser->mode.'&expandFolder='.rawurlencode($v['path']).'\');';
                        return '<a href="#" onclick="'.htmlspecialchars($aOnClick).'">'.$title.'</a>';
@@ -557,7 +553,7 @@ class localFolderTree extends t3lib_folderTree {
                                // Put table row with folder together:
                        $out.='
                                <tr class="'.$bgColorClass.'">
-                                       <td nowrap="nowrap">'.$v['HTML'].$this->wrapTitle(t3lib_div::fixed_lgd_cs($v['row']['title'],$titleLen),$v['row']).'</td>
+                                       <td nowrap="nowrap">' . $v['HTML'] . $this->wrapTitle(htmlspecialchars(t3lib_div::fixed_lgd_cs($v['row']['title'], $titleLen)), $v['row']) . '</td>
                                        '.$arrCol.'
                                        <td>'.$cEbullet.'</td>
                                </tr>';
@@ -626,8 +622,6 @@ class TBE_FolderTree extends localFolderTree {
         * @return      string          Wrapping title string.
         */
        function wrapTitle($title,$v)   {
-               $title = htmlspecialchars($title);
-
                if ($this->ext_isLinkable($v))  {
                        $aOnClick = 'return jumpToUrl(\''.$this->thisScript.'?act='.$GLOBALS['SOBE']->browser->act.'&mode='.$GLOBALS['SOBE']->browser->mode.'&expandFolder='.rawurlencode($v['path']).'\');';
                        return '<a href="#" onclick="'.htmlspecialchars($aOnClick).'">'.$title.'</a>';