Fixed bug #14953: XSS in (new) taskcenter (thanks to Georg Ringer)
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:50:16 +0000 (08:50 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:50:16 +0000 (08:50 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8313 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/taskcenter/task/index.php

index f5ee794..37c106c 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 2010-07-28  Oliver Hader  <oliver@typo3.org>
 
        * Raised Extbase and Fluid from 1.2.0 to 1.2.1
+       * Fixed bug #14953: XSS in (new) taskcenter (thanks to Georg Ringer)
 
 2010-07-27  Steffen Kamper  <steffen@typo3.org>
 
index f297498..0f99079 100755 (executable)
@@ -242,7 +242,7 @@ class SC_mod_user_task_index extends t3lib_SCbase {
 
                $content = '<div id="taskcenter-main">
                                                <div id="taskcenter-menu">' . $this->indexAction() . '</div>
-                                               <div id="taskcenter-item" class="' . $extKey . '-' . $taskClass . '">' .
+                                               <div id="taskcenter-item" class="' . htmlspecialchars($extKey . '-' . $taskClass) . '">' .
                                                        $actionContent . '
                                                </div>
                                        </div>';