[BUGFIX] No duplicate html encoding in file titles 52/25052/2
authorAlexander Stehlik <alexander.stehlik@googlemail.com>
Tue, 29 Oct 2013 15:50:49 +0000 (16:50 +0100)
committerStefan Neufeind <typo3.neufeind@speedpartner.de>
Sat, 9 Nov 2013 23:54:37 +0000 (00:54 +0100)
This patch makes sure that UserFileInlineLabelService only parses the
title of a file through htmlspecialchars if this was not already done by
a BackendUtility method like getRecordTitle() or getRecordTitlePrep().

Titles that are cropped by getRecordTitlePrep() will be displayed
correctly in the Backend.

Resolves: #53200
Releases: 6.2
Change-Id: I960e599372aeecfb2e5e6469ac4d644c578cfabc
Reviewed-on: https://review.typo3.org/25052
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Dmitry Dulepov
Reviewed-by: Tomita Militaru
Tested-by: Tomita Militaru
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/core/Classes/Resource/Service/UserFileInlineLabelService.php

index 4c90bb6..402b322 100644 (file)
@@ -61,11 +61,11 @@ class UserFileInlineLabelService {
                        $value = '';
                        if ($field === 'title') {
                                $value = isset($params['row']['title'])
-                                       ? $params['row']['title']
+                                       ? htmlspecialchars($params['row']['title'])
                                        : BackendUtility::getRecordTitle('sys_file', $fileRecord, TRUE);
                        } else {
                                if (isset($params['row'][$field])) {
-                                       $value = $params['row'][$field];
+                                       $value = htmlspecialchars($params['row'][$field]);
                                } elseif (isset($fileRecord[$field])) {
                                        $value = BackendUtility::getRecordTitlePrep($fileRecord[$field]);
                                }
@@ -74,7 +74,7 @@ class UserFileInlineLabelService {
                                continue;
                        }
                        $labelText = LocalizationUtility::translate('LLL:EXT:lang/locallang_tca.xlf:sys_file.' . $field, 'lang');
-                       $title[] = '<dt>' . htmlspecialchars($labelText) . '</dt>' . '<dd>' . htmlspecialchars($value) . '</dd>';
+                       $title[] = '<dt>' . htmlspecialchars($labelText) . '</dt>' . '<dd>' . $value . '</dd>';
                }
                $params['title'] = '<dl>' . implode('', $title) . '</dl>';
        }