[BUGFIX] Prevent double escaping in quickedit menu 89/48789/2
authorNicole Cordes <typo3@cordes.co>
Mon, 4 Jul 2016 16:19:33 +0000 (18:19 +0200)
committerBenni Mack <benni@typo3.org>
Tue, 5 Jul 2016 16:11:58 +0000 (18:11 +0200)
As the menu is generated in fluid templates, the item labels are already
escaped there. There is no need to escaping titles in build time.

Resolve: #76481
Releases: master, 7.6
Change-Id: I91c2e5aae12b2d91d6c8a4eefba26b630261395f
Reviewed-on: https://review.typo3.org/48789
Tested-by: Bamboo TYPO3com <info@typo3.com>
Reviewed-by: Susanne Moog <typo3@susannemoog.de>
Tested-by: Susanne Moog <typo3@susannemoog.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
typo3/sysext/backend/Classes/Controller/PageLayoutController.php

index 2a9e3b3..0d1f784 100755 (executable)
@@ -1493,14 +1493,14 @@ class PageLayoutController
                         ->setHref('#');
                     $quickEditMenu->addMenuItem($menuItem);
                     $menuItem = $quickEditMenu->makeMenuItem()
-                        ->setTitle('__' . htmlspecialchars($lang->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $colPos))) . ':__')
+                        ->setTitle('__' . $lang->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $colPos)) . ':__')
                         ->setHref(BackendUtility::getModuleUrl($this->moduleName) . '&id=' . $this->id . '&edit_record=_EDIT_COL:' . $colPos . $retUrlStr);
                     $quickEditMenu->addMenuItem($menuItem);
                 }
                 $inValue = 'tt_content:' . $cRow['uid'];
                 $isSelected += (int)$edit_record == $inValue;
                 $menuItem = $quickEditMenu->makeMenuItem()
-                    ->setTitle(htmlspecialchars(GeneralUtility::fixed_lgd_cs(($cRow['header'] ? $cRow['header'] : '[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title') . '] ' . strip_tags($cRow['bodytext'])), $beUser->uc['titleLen'])))
+                    ->setTitle(GeneralUtility::fixed_lgd_cs(($cRow['header'] ? $cRow['header'] : '[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title') . '] ' . strip_tags($cRow['bodytext'])), $beUser->uc['titleLen']))
                     ->setHref(BackendUtility::getModuleUrl($this->moduleName) . '&id=' . $this->id . '&edit_record=' . $inValue . $retUrlStr)
                     ->setActive($edit_record == $inValue);
                 $quickEditMenu->addMenuItem($menuItem);