[BUGFIX] html-escaping of workspace-title too much
authorStefan Neufeind <typo3.neufeind@speedpartner.de>
Mon, 6 Feb 2012 08:54:12 +0000 (09:54 +0100)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Mon, 6 Feb 2012 08:56:39 +0000 (09:56 +0100)
Titles are escaped later during output.
Don't yet escape in the service composing
the list of workspaces.

Change-Id: Ieeeb909efef8dbfcbccfed85d5edad072b5b11b3
Fixes: #31762
Releases: 4.7
Reviewed-on: http://review.typo3.org/6664
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/workspaces/Classes/ExtDirect/WorkspaceSelectorToolbarItem.php
typo3/sysext/workspaces/Classes/Service/Workspaces.php
typo3/sysext/workspaces/Resources/Public/JavaScript/workspacemenu.js

index 0ef7e3f..9171d6e 100644 (file)
@@ -62,7 +62,7 @@ class Tx_Workspaces_ExtDirect_WorkspaceSelectorToolbarItem implements backend_to
                $this->changeWorkspacePreview = t3lib_div::_GP('changeWorkspacePreview');
 
                $pageRenderer = t3lib_div::makeInstance('t3lib_pageRenderer');
-               $this->backendReference->addJavaScript("TYPO3.Workspaces = { workspaceTitle : '" . htmlspecialchars(addslashes(Tx_Workspaces_Service_Workspaces::getWorkspaceTitle($GLOBALS['BE_USER']->workspace))) . "'};\n");
+               $this->backendReference->addJavaScript("TYPO3.Workspaces = { workspaceTitle : '" . addslashes(Tx_Workspaces_Service_Workspaces::getWorkspaceTitle($GLOBALS['BE_USER']->workspace)) . "'};\n");
        }
 
        /**
@@ -120,7 +120,7 @@ class Tx_Workspaces_ExtDirect_WorkspaceSelectorToolbarItem implements backend_to
                                $workspaceMenu[] = '<li' . $selected . '>' . $icon .
                                        ' <a href="backend.php?changeWorkspace=' .
                                        intval($workspaceId) . '" id="ws-' . intval($workspaceId) .
-                                       '" class="ws">' . $label . '</a></li>';
+                                       '" class="ws">' . htmlspecialchars($label) . '</a></li>';
                        }
                } else {
                        $workspaceMenu[] = '<li>' . $stateUncheckedIcon . ' ' .
index 95c7ad0..dba2e69 100644 (file)
@@ -59,7 +59,7 @@ class Tx_Workspaces_Service_Workspaces implements t3lib_Singleton {
                if (count($customWorkspaces)) {
                        foreach ($customWorkspaces as $workspace) {
                                if ($GLOBALS['BE_USER']->checkWorkspace($workspace)) {
-                                       $availableWorkspaces[$workspace['uid']] = htmlspecialchars($workspace['title']);
+                                       $availableWorkspaces[$workspace['uid']] = $workspace['title'];
                                }
                        }
                }
index 0546276..b57136d 100644 (file)
@@ -162,7 +162,7 @@ var WorkspaceMenu = Class.create({
                        } else {
                                userItem = Ext.select ('#username');
                        }
-                       userItem.insertHtml('beforeEnd', '<span id="typo3-topbar-workspaces-title">@' + workspaceTitle + '</span>')
+                       userItem.insertHtml('beforeEnd', '<span id="typo3-topbar-workspaces-title">@' + Ext.util.Format.htmlEncode(workspaceTitle) + '</span>')
                }
        }