Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:57:39 +0000 (08:57 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:57:39 +0000 (08:57 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@8346 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_bedisplaylog.php

index ca33baa..8e9d045 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -7,6 +7,7 @@
        * Fixed bug #14850: Information disclosure in t3lib_htmlmail (thanks to Georg Ringer)
        * Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
        * Fixed bug #13960: XSS in sys_action (thanks to Georg Ringer)
+       * Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
 
 2010-07-21  Ingo Renner  <ingo@typo3.org>
 
index 3b94f1e..3fafdc9 100644 (file)
@@ -200,6 +200,7 @@ class t3lib_BEDisplayLog {
                                $text = str_replace('%s','',$text);
                        }
                }
+               $text = htmlspecialchars($text);
 
                        // Finding the history for the record
                $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,fieldlist', 'sys_history', 'sys_log_uid='.intval($sys_log_uid));
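Review bot: The added `htmlspecialchars($text)` call relies on the default flags, which leave single quotes unescaped, so the value is only safe in element content or double-quoted attributes. Where the caller prints it is not visible in this hunk, so passing the flag explicitly would be safer: `$text = htmlspecialchars($text, ENT_QUOTES);`. From this line on `$text` holds HTML rather than plain text, and a short comment would guard against double-encoding or unescaped appends later, for example `// $text is HTML-escaped from here on; append only safe markup below`. The enclosing method starts and ends outside the hunk, so it is worth confirming that no other return path hands back the unescaped string.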