[BUGFIX] IMAGEBUTTON src attribute not working 92/42892/3
authorRalf Zimmermann <ralf.zimmermann@tritum.de>
Thu, 27 Aug 2015 16:58:27 +0000 (18:58 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Fri, 28 Aug 2015 14:41:22 +0000 (16:41 +0200)
Render the IMAGEBUTTON "src" attribute as IMG_RESOURCE
but only the IMG_RESOURCE.file property for security reason.

Resolves: #69372
Releases: master, 6.2
Change-Id: Ic7f3eea9a5c43dc5c7254ce0fd7d6f21db445d4f
Reviewed-on: http://review.typo3.org/42892
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/form/Classes/Domain/Model/Attribute/SrcAttribute.php

index 6066262..424adf8 100644 (file)
@@ -32,7 +32,10 @@ class SrcAttribute extends \TYPO3\CMS\Form\Domain\Model\Attribute\AbstractAttrib
         * @see \TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer::getImgResource()
         */
        public function getValue() {
-               $attribute = $this->localCobj->cObjGetSingle('IMG_RESOURCE', $this->value);
+               $attribute = $this->localCobj->cObjGetSingle(
+                       'IMG_RESOURCE',
+                       array('file' => $this->value)
+               );
                return $attribute;
        }