[BUGFIX] Prevent double escaping in quickedit menu 09/48809/2
authorBenni Mack <benni@typo3.org>
Tue, 5 Jul 2016 16:14:51 +0000 (18:14 +0200)
committerNicole Cordes <typo3@cordes.co>
Tue, 5 Jul 2016 16:34:22 +0000 (18:34 +0200)
As the menu is generated in fluid templates, the item labels are already
escaped there. There is no need to escaping titles in build time.

Resolves: #76481
Releases: master, 7.6
Change-Id: I91c2e5aae12b2d91d6c8a4eefba26b630261395f
Reviewed-on: https://review.typo3.org/48809
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
typo3/sysext/backend/Classes/Controller/PageLayoutController.php

index 0e2768f..ff3104c 100755 (executable)
@@ -1495,14 +1495,14 @@ class PageLayoutController
                         ->setHref('#');
                     $quickEditMenu->addMenuItem($menuItem);
                     $menuItem = $quickEditMenu->makeMenuItem()
-                        ->setTitle('__' . $lang->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $colPos), true) . ':__')
+                        ->setTitle('__' . $lang->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $colPos)) . ':__')
                         ->setHref(BackendUtility::getModuleUrl($this->moduleName) . '&id=' . $this->id . '&edit_record=_EDIT_COL:' . $colPos . $retUrlStr);
                     $quickEditMenu->addMenuItem($menuItem);
                 }
                 $inValue = 'tt_content:' . $cRow['uid'];
                 $isSelected += (int)$edit_record == $inValue;
                 $menuItem = $quickEditMenu->makeMenuItem()
-                    ->setTitle(htmlspecialchars(GeneralUtility::fixed_lgd_cs(($cRow['header'] ? $cRow['header'] : '[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title') . '] ' . strip_tags($cRow['bodytext'])), $beUser->uc['titleLen'])))
+                    ->setTitle(GeneralUtility::fixed_lgd_cs(($cRow['header'] ? $cRow['header'] : '[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title') . '] ' . strip_tags($cRow['bodytext'])), $beUser->uc['titleLen']))
                     ->setHref(BackendUtility::getModuleUrl($this->moduleName) . '&id=' . $this->id . '&edit_record=' . $inValue . $retUrlStr)
                     ->setActive($edit_record == $inValue);
                 $quickEditMenu->addMenuItem($menuItem);