Fixed bug #12634: XSS in the access module
authorOliver Hader <oliver.hader@typo3.org>
Tue, 23 Feb 2010 10:07:20 +0000 (10:07 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 23 Feb 2010 10:07:20 +0000 (10:07 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@7002 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/mod/web/perm/index.php

index 1188c02..82365da 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@
        * Fixed bug #11621: XSS vulnerabilities in workspace module (thanks to Georg Ringer)
        * Fixed bug #11620: XSS vulnerability in task center module (thanks to Georg Ringer)
        * Fixed bug #12628: XSS in sysext sys_action (thanks to Georg Ringer)
+       * Fixed bug #12634: XSS in the access module (thanks to Georg Ringer)
 
 2010-02-22  Benjamin Mack  <benni@typo3.org>
 
index 4b1d1bb..d074e47 100755 (executable)
@@ -609,7 +609,7 @@ class SC_mod_web_perm_index {
                                <tr>
                                        <td class="bgColor2" colspan="2">&nbsp;</td>
                                        <td class="bgColor2"><img'.t3lib_iconWorks::skinImg($BACK_PATH,'gfx/line.gif','width="5" height="16"').' alt="" /></td>
-                                       <td class="bgColor2" align="center" nowrap="nowrap"><b>'.$LANG->getLL('User',1).':</b> '.$BE_USER->user['username'].'</td>
+                                       <td class="bgColor2" align="center" nowrap="nowrap"><b>'.$LANG->getLL('User',1).':</b> ' . htmlspecialchars($BE_USER->user['username']) . '</td>
                                        '.(!$BE_USER->isAdmin()?'<td class="bgColor2"><img'.t3lib_iconWorks::skinImg($BACK_PATH,'gfx/line.gif','width="5" height="16"').' alt="" /></td>
                                        <td class="bgColor2" align="center"><b>'.$LANG->getLL('EditLock',1).'</b></td>':'').'
                                </tr>';
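Review bot: The added `htmlspecialchars($BE_USER->user['username'])` escapes only this one value in the header row, and the method that builds this table starts and ends outside the hunk. It is therefore not visible whether the other stored values the access module prints (presumably page titles and the owner and group names of each row) are escaped the same way, so they should be checked in the same pass. The call relies on the default flags, which do not encode single quotes. That is sufficient here because the value lands in element text, but a short comment above the statement would help, for example `// username is stored data: escaped for HTML text context only; use ENT_QUOTES if it is ever placed in an attribute`.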