[SECURITY] XSS in show item
author Christian Kuhn <lolli@schwarzbu.ch>
Wed, 28 Mar 2012 11:54:30 +0000 (13:54 +0200)
committer Oliver Hader <oliver@typo3.org>
Wed, 28 Mar 2012 11:54:33 +0000 (13:54 +0200)
Change-Id: I026fb44afac01e61a861d3b3bc8e99c15c1972e8
Fixes: #29397
Security-Commit: e34600be49087e59941b89025da4e1d75e407970
Security-Bulletin: TYPO3-CORE-SA-2012-001
Reviewed-on: http://review.typo3.org/10009
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/show_item.php

index 7f1078a..82baecc 100644 (file)
@@ -495,12 +495,12 @@ class SC_show_item {
                }
                foreach($rows as $row)  {
                        $infoData[] = '<tr class="bgColor4"">' .
-                                       '<td>'.$row['tablename'].'</td>' .
-                                       '<td>'.$row['recuid'].'</td>' .
-                                       '<td>'.$row['field'].'</td>'.
-                                       '<td>'.$row['flexpointer'].'</td>'.
-                                       '<td>'.$row['softref_key'].'</td>'.
-                                       '<td>'.$row['sorting'].'</td>'.
+                                       '<td>'.htmlspecialchars($row['tablename']).'</td>' .
+                                       '<td>'.htmlspecialchars($row['recuid']).'</td>' .
+                                       '<td>'.htmlspecialchars($row['field']).'</td>'.
+                                       '<td>'.htmlspecialchars($row['flexpointer']).'</td>'.
+                                       '<td>'.htmlspecialchars($row['softref_key']).'</td>'.
+                                       '<td>'.htmlspecialchars($row['sorting']).'</td>'.
                                        '</tr>';
                }
 
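Review bot: The row opener on the first line of the loop, `'<tr class="bgColor4"">'`, carries a stray second double quote, so every row is emitted as invalid markup and the escaped cells added below land in a context that depends on browser error recovery rather than on the HTML the author intended; drop the extra character: `'<tr class="bgColor4">'`. The new `htmlspecialchars()` calls rely on the PHP default flags and charset, which is sufficient in the element-text context shown here, but `htmlspecialchars($row['tablename'], ENT_QUOTES)` would keep the values safe should a later change move one of them into an attribute. The enclosing method starts before this hunk and `$infoData` is consumed after it, so the final rendering of these rows is not visible here.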
@@ -539,13 +539,13 @@ class SC_show_item {
                }
                foreach($rows as $row)  {
                        $infoData[] = '<tr class="bgColor4"">' .
-                                       '<td>'.$row['field'].'</td>'.
-                                       '<td>'.$row['flexpointer'].'</td>'.
-                                       '<td>'.$row['softref_key'].'</td>'.
-                                       '<td>'.$row['sorting'].'</td>'.
-                                       '<td>'.$row['ref_table'].'</td>' .
-                                       '<td>'.$row['ref_uid'].'</td>' .
-                                       '<td>'.$row['ref_string'].'</td>' .
+                                       '<td>'.htmlspecialchars($row['field']).'</td>'.
+                                       '<td>'.htmlspecialchars($row['flexpointer']).'</td>'.
+                                       '<td>'.htmlspecialchars($row['softref_key']).'</td>'.
+                                       '<td>'.htmlspecialchars($row['sorting']).'</td>'.
+                                       '<td>'.htmlspecialchars($row['ref_table']).'</td>' .
+                                       '<td>'.htmlspecialchars($row['ref_uid']).'</td>' .
+                                       '<td>'.htmlspecialchars($row['ref_string']).'</td>' .
                                        '</tr>';
                }
 
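Review bot: Escaping each cell by hand, as the seven `htmlspecialchars()` calls in this loop do, leaves the next column appended to `$infoData` one forgotten call away from the same XSS; escaping the record once at the top of the loop body, `$row = array_map('htmlspecialchars', $row);`, and then concatenating the plain fields removes that trap and shortens the block. The same stray quote in `'<tr class="bgColor4"">'` appears on the first line of this loop as well and should become `'<tr class="bgColor4">'`. Whether other columns of `$row` are emitted unescaped elsewhere in the method cannot be judged here, since the method starts and ends outside the hunk.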
@@ -566,4 +566,4 @@ $SOBE->init();
 $SOBE->main();
 $SOBE->printContent();
 
-?>
+?>
\ No newline at end of file