[TASK] Add htmlspecialchars to element id 26/35426/2
authorFrank Nägler <typo3@naegler.net>
Sun, 14 Dec 2014 16:17:44 +0000 (17:17 +0100)
committerWouter Wolters <typo3@wouterwolters.nl>
Sun, 14 Dec 2014 16:36:14 +0000 (17:36 +0100)
Resolves: #63842
Related: #62973
Releases: master
Change-Id: I9089585103263788fcc937b3d1ac623095373427
Reviewed-on: http://review.typo3.org/35426
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/backend/Classes/Form/Element/RadioElement.php

index 505f735..c1a719b 100644 (file)
@@ -51,7 +51,7 @@ class RadioElement extends AbstractFormElement {
 
                // Traverse the items, making the form elements
                foreach ($selectedItems as $checkbox => $selectedItem) {
-                       $radioId = $additionalInformation['itemFormElID'] . '_' . $checkbox;
+                       $radioId = htmlspecialchars($additionalInformation['itemFormElID'] . '_' . $checkbox);
                        $radioOnClick = implode('', $additionalInformation['fieldChangeFunc']);
                        $radioChecked = (string)$selectedItem[1] === (string)$additionalInformation['itemFormElValue'] ? ' checked="checked"' : '';
                        $item .= '<div class="radio' . $disabled . '">'