[BUGFIX] Encode LiveSearch results properly 13/43913/2
authorWouter Wolters <typo3@wouterwolters.nl>
Thu, 8 Oct 2015 19:22:45 +0000 (21:22 +0200)
committerBenni Mack <benni@typo3.org>
Thu, 8 Oct 2015 20:53:55 +0000 (22:53 +0200)
Resolves: #70509
Releases: master
Change-Id: If1132b6191501fa70161f2b87ea1a81048335d12
Reviewed-on: http://review.typo3.org/43913
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/backend/Classes/Search/LiveSearch/LiveSearch.php

index 3b4f2c1..23c21c7 100644 (file)
@@ -218,10 +218,10 @@ class LiveSearch {
                        $collect[] = array(
                                'id' => $tableName . ':' . $row['uid'],
                                'pageId' => $tableName === 'pages' ? $row['uid'] : $row['pid'],
-                               'typeLabel' =>  $this->getTitleOfCurrentRecordType($tableName),
+                               'typeLabel' =>  htmlspecialchars($this->getTitleOfCurrentRecordType($tableName)),
                                'iconHTML' => '<span title="' . htmlspecialchars($title) . '">' . $iconFactory->getIconForRecord($tableName, $row, Icon::SIZE_SMALL)->render() . '</span>',
-                               'title' => BackendUtility::getRecordTitle($tableName, $row),
-                               'editLink' => $this->getEditLink($tableName, $row)
+                               'title' => htmlspecialchars(BackendUtility::getRecordTitle($tableName, $row)),
+                               'editLink' => htmlspecialchars($this->getEditLink($tableName, $row))
                        );
                        $isFirst = FALSE;
                }
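Review bot: The three new `htmlspecialchars()` calls on `typeLabel`, `title` and `editLink` rely on the default flags, which on the PHP versions current for this commit leave single quotes unencoded, so the values are only safe in element content and double-quoted attributes. The code that renders `$collect` is not visible here; if any of it places these values in a single-quoted attribute, pass the flag explicitly, e.g. `'title' => htmlspecialchars(BackendUtility::getRecordTitle($tableName, $row), ENT_QUOTES),`. Encoding `editLink` at this layer also means that a consumer which assigns it as a URL, rather than concatenating it into markup, would see `&amp;` in the query string. A short comment above the array would pin the contract, such as `// all values are HTML-encoded here; the client must insert them as markup and must not encode them again`. The enclosing method starts and ends outside the hunk.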