Fixed bug #10159: XSS vulnerability in workspace module
author Ingmar Schlecht <ingmar.schlecht@typo3.org>
Tue, 20 Jan 2009 12:07:11 +0000 (12:07 +0000)
committer Ingmar Schlecht <ingmar.schlecht@typo3.org>
Tue, 20 Jan 2009 12:07:11 +0000 (12:07 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@4791 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/mod/user/ws/wsol_preview.php

index a56a674..4ae5d62 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 
        * Fixed bug #10186: Time shifting (again) in datetime fields (followup to Bug#8746; thanks to Ernesto Baschny)
        * Fixed bug #10146: Session fixation vulnerability in user authentication (thanks to the TYPO3 Security Team and especially Marcus Krause)
+       * Fixed bug #10159: XSS vulnerability in workspace module (thanks to the TYPO3 Security Team and especially Marcus Krause)
 
 2009-01-20  Ingo Renner  <ingo@typo3.org>
 
index 6686983..7e00898 100755 (executable)
@@ -103,7 +103,7 @@ class wsol_preview {
                                        The previewed page is created in the workspace and has no counterpart in the live workspace.';
                                break;
                                default:
-                                       $message = 'Unknown message code "'.$msg.'"';
+                                       $message = 'Unknown message code "' . htmlspecialchars($msg) . '"';
                                break;
                        }
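Review bot: In the default branch, htmlspecialchars($msg) is called without a flags argument, so under the PHP default of that era (ENT_COMPAT) single quotes in $msg are left unescaped. That is sufficient if $message is only ever written as element text, but the hunk does not show where $message is output; if it can reach a single-quoted attribute, pass ENT_QUOTES explicitly. It is also worth considering whether the unknown code needs to be reflected at all: a fixed 'Unknown message code' string, or an integer cast of $msg if the codes are numeric, would remove the user-controlled data from the page entirely. The other case branches visible here assign static strings, so they do not need the same treatment.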