[SECURITY] XSS in template tools on root page 72/30272/2
authorMarc Bastian Heinrichs <typo3@mbh-software.de>
Thu, 22 May 2014 07:31:18 +0000 (09:31 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 22 May 2014 07:31:21 +0000 (09:31 +0200)
Change-Id: I6942457ce27ad22a33efd003ceaa96fa7460c0bf
Fixes: #54109
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Security-Commit: 9abedcf7dc0fd59b602a2221ffd9a998636b8092
Security-Bulletin: TYPO3-CORE-SA-2014-001
Reviewed-on: https://review.typo3.org/30272
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/tstemplate/ts/index.php

index 64017bc..3903f9d 100644 (file)
@@ -530,7 +530,7 @@ page.10.value = HELLO WORLD!
                                        if (isset($pArray[$k . "_"])) {
                                                $lines[] = '<tr class="' . ($i++ % 2 == 0 ? 'bgColor4' : 'bgColor6') . '">
                                                        <td nowrap><img src="clear.gif" width="1" height="1" hspace=' . ($c * 10) . ' align="top">' .
-                                                       '<a href="' . t3lib_div::linkThisScript(array('id' => $k)) . '">' .
+                                                       '<a href="' . htmlspecialchars(t3lib_div::linkThisScript(array('id' => $k))) . '">' .
                                                        t3lib_iconWorks::getSpriteIconForRecord('pages', t3lib_BEfunc::getRecordWSOL('pages', $k), array("title"=>'ID: ' . $k )) .
                                                        t3lib_div::fixed_lgd_cs($pArray[$k], 30) . '</a></td>
                                                        <td align="center">' . $pArray[$k . '_']['count'] . '</td>
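Review bot: The anchor text on the next-to-last line of the hunk, `t3lib_div::fixed_lgd_cs($pArray[$k], 30)`, is still concatenated into the HTML unescaped, while the commit only escapes the href. The sprite icon is fetched for the 'pages' table, so `$pArray[$k]` looks like a page title, which is editor-controlled and can carry markup; if that is what it holds, it needs the same treatment: `htmlspecialchars(t3lib_div::fixed_lgd_cs($pArray[$k], 30)) . '</a></td>`. The `'ID: ' . $k` title attribute and the `['count']` cell appear to be numeric, but whether `$k` is guaranteed to be an integer uid cannot be confirmed from the hunk. The enclosing function starts and ends outside the hunk.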