[BUGFIX] Escape title tag of image links 49/23349/2
authorAlexander Stehlik <alexander.stehlik@googlemail.com>
Tue, 27 Aug 2013 08:59:50 +0000 (10:59 +0200)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Tue, 27 Aug 2013 09:03:32 +0000 (11:03 +0200)
This patch adds a missing call to htmlspecialchars() when
the title tag of image links is initialized.

Resolves: #50760
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: If41f33d9621f7790c0ff0de4aebcd7cdcb59707f
Reviewed-on: https://review.typo3.org/23349
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/css_styled_content/pi1/class.tx_cssstyledcontent_pi1.php

index c0376a7..5614c9e 100755 (executable)
@@ -699,7 +699,7 @@ class tx_cssstyledcontent_pi1 extends tslib_pibase {
                                $titleText = trim($this->cObj->stdWrap($imgConf['titleText'], $imgConf['titleText.']));
                                if ($titleText) {
                                                // This will be used by the IMAGE call later:
-                                       $GLOBALS['TSFE']->ATagParams .= ' title="'. $titleText .'"';
+                                       $GLOBALS['TSFE']->ATagParams .= ' title="'. htmlspecialchars($titleText) .'"';
                                }
                        }
 
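Review bot: The added `htmlspecialchars($titleText)` on the `ATagParams` line relies on PHP's default flags and charset, and those defaults differ between the PHP versions that the listed release branches can run on. The default flags do escape `"`, which is what the double-quoted `title="…"` context needs, but on newer PHP a value containing bytes that are invalid in the default charset is returned as an empty string, so a site not rendering in that charset could silently emit `title=""`. Passing both explicitly, e.g. `htmlspecialchars($titleText, ENT_QUOTES, $charset)` where `$charset` stands for the frontend's output charset (a placeholder name, not taken from this file), would make the result the same on every branch. Integrators who already apply HTML escaping in their `titleText.` stdWrap configuration will presumably see double-encoded entities after this change, which deserves a line in the release notes. The enclosing method starts and ends outside the hunk, so whether other attributes assembled there are escaped the same way cannot be checked from here.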
@@ -1046,4 +1046,4 @@ if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLA
        include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/css_styled_content/pi1/class.tx_cssstyledcontent_pi1.php']);
 }
 
-?>
\ No newline at end of file
+?>