Fixed bug #12321: Follow-up to #11586, fixes FE editing

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@6274 709f56b5-9817-0410-a4d7-c38de5d9e867

diff --git a/ChangeLog b/ChangeLog
index 21fb1ca..5813e49 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2009-10-24  Ernesto Baschny <ernst@cron-it.de>
+
+       * Fixed bug #12321: Follow-up to #11586, fixes FE editing
+
 2009-10-22  Oliver Hader  <oliver@typo3.org>
 
        * Release of TYPO3 4.3.0beta2
@@ -7,7 +11,7 @@
        * Fixed bug #11586: Potential SQL injection in frontend editing (thanks to Oliver Klee)
        * Fixed bug #12309: It was possible to gain access to the Install Tool by only knowing the md5 hash of the password.
        * Fixed bug #12310: Encryption key can be recalculated when using normal mailform when [FE][strictFormmail] == 0 (thanks to Oliver Klee)
-       * Fixed bug #12090: Filenames should be escaped with escapeshellarg before passing them to imagemagick
+       * Fixed bug #12090: Filenames should be escaped with escapeshellarg before passing them to imagemagick (thanks to Oliver Klee)
        * Fixed bug #12303: XSS vulnerability due to not proper sanitizing in function t3lib_div::quoteJSvalue (thanks to Oliver Klee)
        * Fixed bug #12304: Frame inclusion in the backend through alt_mod_frameset (thanks to Oliver Klee)
        * Fixed bug #12305: XSS vulnerability in view_help.php / tfID parameter (thanks to Oliver Klee)

diff --git a/t3lib/class.t3lib_frontendedit.php b/t3lib/class.t3lib_frontendedit.php
index 51c2929..86e0abb 100644 (file)
--- a/t3lib/class.t3lib_frontendedit.php
+++ b/t3lib/class.t3lib_frontendedit.php
@@ -37,11 +37,12 @@
  */
 class t3lib_frontendedit {
        /**
-        * GET/POST parameters for the FE editing
+        * GET/POST parameters for the FE editing.
+        * Accessed as $GLOBALS['BE_USER']->frontendEdit->TSFE_EDIT, thus public
         *
         * @var array
         */
-       protected $TSFE_EDIT;
+       public $TSFE_EDIT;
 
        /**
         * TCEmain object.