Fixed bug #17133: Pagetree - qtip can be used to execute custom javascript (XSS)...
authorSteffen Kamper <info@sk-typo3.de>
Thu, 20 Jan 2011 23:42:01 +0000 (23:42 +0000)
committerSteffen Kamper <info@sk-typo3.de>
Thu, 20 Jan 2011 23:42:01 +0000 (23:42 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@10182 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/tree/pagetree/class.t3lib_tree_pagetree_commands.php

index 835552e..caf2898 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,6 +38,7 @@
 
 2011-01-20  Steffen Kamper  <steffen@typo3.org>
 
+       * Fixed bug #17133: Pagetree - qtip can be used to execute custom javascript (XSS) (Thanks to Stefan Galinski)
        * Follow-up to #17153: Protect C(R)UD actions against CSRF - Add token to ExtDirect calls (Thanks to Stefan Galinski)
        * Fixed bug #17178: Rename extension "list" to "recordlist"
        * Fixed bug #17162: Missing localization in t3lib_tsstyleconfig
index 9100061..4e9b12d 100644 (file)
@@ -288,9 +288,11 @@ final class t3lib_tree_pagetree_Commands {
                $subNode = t3lib_div::makeInstance('t3lib_tree_pagetree_Node');
                $subNode->setRecord($record);
                $subNode->setCls($record['_CSSCLASS']);
-               $subNode->setQTip(str_replace(' - ', '<br />', t3lib_BEfunc::titleAttribForPages($record, '', FALSE)));
                $subNode->setType('pages');
 
+               $qtip = t3lib_BEfunc::titleAttribForPages($record, '', FALSE);
+               $subNode->setQTip(str_replace(' - ', '<br />', htmlspecialchars($qtip)));
+
                $subNode->setId($record['uid']);
                $subNode->setMountPoint($mountPoint);
                $subNode->setWorkspaceId(($record['_ORIG_uid'] ? $record['_ORIG_uid'] : $record['uid']));
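Review bot: The `htmlspecialchars($qtip)` call on the new line is used without a quote flag, so with the default `ENT_COMPAT` a single quote in a page title or description would pass through unescaped; whether that matters depends on how the client side embeds the qtip, which is not visible here, but escaping both quote styles costs nothing and removes the question, i.e. `$subNode->setQTip(str_replace(' - ', '<br />', htmlspecialchars($qtip, ENT_QUOTES)));`. It would also help to state the ordering intent in a comment, since a later reader may be tempted to escape after the replacement and break the line break: `// escape first, then inject the <br /> markup so the separator survives`. The enclosing method of t3lib_tree_pagetree_Commands starts and ends outside this hunk.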
@@ -337,4 +339,4 @@ final class t3lib_tree_pagetree_Commands {
        }
 }
 
-?>
\ No newline at end of file
+?>