Fixed bug #14953: XSS in (new) taskcenter (thanks to Georg Ringer)

author Oliver Hader <oliver.hader@typo3.org>

Wed, 28 Jul 2010 08:50:16 +0000 (08:50 +0000)

committer Oliver Hader <oliver.hader@typo3.org>

Wed, 28 Jul 2010 08:50:16 +0000 (08:50 +0000)
author Oliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:50:16 +0000 (08:50 +0000)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:50:16 +0000 (08:50 +0000)
diff --git a/ChangeLog b/ChangeLog

index f5ee794..37c106c 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
  2010-07-28  Oliver Hader  <oliver@typo3.org>
  
         * Raised Extbase and Fluid from 1.2.0 to 1.2.1
+       * Fixed bug #14953: XSS in (new) taskcenter (thanks to Georg Ringer)
  
  2010-07-27  Steffen Kamper  <steffen@typo3.org>
  
diff --git a/typo3/sysext/taskcenter/task/index.php b/typo3/sysext/taskcenter/task/index.php

index f297498..0f99079 100755 (executable)
--- a/typo3/sysext/taskcenter/task/index.php
+++ b/typo3/sysext/taskcenter/task/index.php
@@ -242,7 +242,7 @@ class SC_mod_user_task_index extends t3lib_SCbase {
  
                 $content = '<div id="taskcenter-main">
                                                 <div id="taskcenter-menu">' . $this->indexAction() . '</div>
-                                               <div id="taskcenter-item" class="' . $extKey . '-' . $taskClass . '">' .
+                                               <div id="taskcenter-item" class="' . htmlspecialchars($extKey . '-' . $taskClass) . '">' .
                                                         $actionContent . '
                                                 </div>
                                         </div>';
author	Oliver Hader <oliver.hader@typo3.org>
	Wed, 28 Jul 2010 08:50:16 +0000 (08:50 +0000)
committer	Oliver Hader <oliver.hader@typo3.org>
	Wed, 28 Jul 2010 08:50:16 +0000 (08:50 +0000)
ChangeLog		patch \| blob \| history
typo3/sysext/taskcenter/task/index.php		patch \| blob \| history