* Fixed bug #14850: Information disclosure in t3lib_htmlmail (thanks to Georg Ringer)
* Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
* Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
+ * Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
2010-07-27 Steffen Kamper <steffen@typo3.org>
// Function menu here:
if(!$this->CMD['standAlone'] && !t3lib_div::_GP('standAlone')) {
$content = $GLOBALS['LANG']->getLL('ext_details_ext') . ' <strong>' .
- $this->extensionTitleIconHeader($extKey, $list[$extKey]) . '</strong> (' . $extKey . ')';
+ $this->extensionTitleIconHeader($extKey, $list[$extKey]) . '</strong> (' . htmlspecialchars($extKey) . ')';
$this->content.= $this->doc->section('', $content);
}
if (is_array($imgInfo)) {
$out.= '<img src="'.$GLOBALS['BACK_PATH'].$this->typeRelPaths[$extInfo['type']].$extKey.'/ext_icon.gif" '.$imgInfo[3].' align="'.$align.'" alt="" />';
}
- $out.= $extInfo['EM_CONF']['title'] ? htmlspecialchars(t3lib_div::fixed_lgd_cs($extInfo['EM_CONF']['title'],40)) : '<em>'.$extKey.'</em>';
+ $out.= $extInfo['EM_CONF']['title'] ? htmlspecialchars(t3lib_div::fixed_lgd_cs($extInfo['EM_CONF']['title'], 40)) : '<em>' . htmlspecialchars($extKey) . '</em>';
return $out;
}
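Review bot: The `<img>` tag built inside `if (is_array($imgInfo))` still concatenates `$extKey` into the double-quoted `src` attribute unescaped, while this commit escapes the same value in the `<em>` fallback two lines below. Escaping it there as well keeps the function consistent, e.g. `$this->typeRelPaths[$extInfo['type']] . htmlspecialchars($extKey) . '/ext_icon.gif" '`. `$align` is also written into a double-quoted attribute as-is, so if any caller can pass a non-constant value it should become `align="' . htmlspecialchars($align) . '"`. The branch presumably runs only when an icon file was found for the key, which may limit what can reach it, but that check and the function's signature are outside the visible lines.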