Fixed issue #17082: [reports] XSS in reports scheduler job
author Ingo Renner <ingo.renner@typo3.org>
Mon, 17 Jan 2011 13:18:33 +0000 (13:18 +0000)
committer Ingo Renner <ingo.renner@typo3.org>
Mon, 17 Jan 2011 13:18:33 +0000 (13:18 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@10100 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/reports/ChangeLog
typo3/sysext/reports/tasks/class.tx_reports_tasks_systemstatusupdatetasknotificationemailfield.php

index 27d093f..e49385e 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 2011-01-17  Ingo Renner  <ingo@typo3.org>
 
        * Added feature #17033: [reports] Notification Emails for system status updates
+       * Fixed issue #17082: [reports] XSS in reports scheduler job
 
 2011-01-17  Steffen Kamper  <steffen@typo3.org>
 
index 94cdbdf..6cdfbd0 100644 (file)
@@ -1,6 +1,7 @@
 2011-01-17  Ingo Renner  <ingo@typo3.org>
 
        * Added feature #17033: Notification Emails for system status updates
+       * Fixed issue #17082: XSS in reports scheduler job
 
 2011-01-13  Ingo Renner  <ingo@typo3.org>
 
index db8f277..8e70a24 100644 (file)
@@ -70,7 +70,7 @@ class tx_reports_tasks_SystemStatusUpdateTaskNotificationEmailField implements t
                        $fieldHtml = '<input type="text" '
                                . 'name="tx_scheduler[' . $fieldName . ']" '
                                . 'id="' . $fieldId . '" '
-                               . 'value="' . $taskInfo[$fieldName] . '" />';
+                               . 'value="' . htmlspecialchars($taskInfo[$fieldName]) . '" />';
 
                        $additionalFields[$fieldId] = array(
                                'code'     => $fieldHtml,
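
Review bot: On the changed value="..." line, htmlspecialchars() is called with its default flags, which in the PHP versions current for this commit escape double quotes but not single quotes. That is sufficient only because the attribute is wrapped in double quotes here; passing ENT_QUOTES explicitly, as in htmlspecialchars($taskInfo[$fieldName], ENT_QUOTES), would keep the escaping correct if the quoting style of this markup ever changes. The same concatenation also places $fieldName and $fieldId into the name and id attributes unescaped. If either can carry request-derived data it needs the same treatment, and if both are fixed strings a short comment saying so would save the next reader the check.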