[BUGFIX] Prevent output escaping in AvatarViewHelper 58/48058/2
authorNicole Cordes <typo3@cordes.co>
Tue, 10 May 2016 09:17:39 +0000 (11:17 +0200)
committerHelmut Hummel <helmut.hummel@typo3.org>
Tue, 10 May 2016 11:22:02 +0000 (13:22 +0200)
As the AvatarViewHelper returns HTML, the output should not be escaped.

Resolves: #76111
Releases: master
Change-Id: I4853de751c23dd726c30c11730b4c365625be5d0
Reviewed-on: https://review.typo3.org/48058
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Adrian Mot <adrian.mot@gmail.com>
Reviewed-by: Daniel Goerz <ervaude@gmail.com>
Tested-by: Daniel Goerz <ervaude@gmail.com>
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Tested-by: Helmut Hummel <helmut.hummel@typo3.org>
typo3/sysext/backend/Classes/ViewHelpers/AvatarViewHelper.php

index e5996c2..ff043bc 100644 (file)
@@ -24,6 +24,13 @@ use TYPO3Fluid\Fluid\Core\Rendering\RenderingContextInterface;
 class AvatarViewHelper extends AbstractViewHelper
 {
     /**
+     * As this ViewHelper renders HTML, the output must not be escaped.
+     *
+     * @var bool
+     */
+    protected $escapeOutput = false;
+
+    /**
      * Resolve user avatar from backend user id.
      *
      * @param int $backendUser Uid of the user