Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:00:16 +0000 (09:00 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 09:00:16 +0000 (09:00 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@8360 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_befunc.php

index 7621b07..8275878 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,7 @@
        * Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
        * Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
        * Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer)
+       * Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
 
 2010-07-21  Ingo Renner  <ingo@typo3.org>
 
index 00686b4..dc1217d 100755 (executable)
@@ -834,7 +834,11 @@ final class t3lib_BEfunc {
                        // Traverse languages
                $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,title,flag', 'sys_language', 'pid=0'.t3lib_BEfunc::deleteClause('sys_language'));
                while($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
-                       $sysLanguages[] = array($row['title'].' ['.$row['uid'].']', $row['uid'], ($row['flag'] ? 'flags/'.$row['flag'] : ''));
+                       $sysLanguages[] = array(
+                               htmlspecialchars($row['title']) . ' [' . $row['uid'] . ']',
+                               $row['uid'],
+                               ($row['flag'] ? 'flags/' . $row['flag'] : '')
+                       );
                }
                $GLOBALS['TYPO3_DB']->sql_free_result($res);
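Review bot: The third array element still concatenates `$row['flag']` unescaped into `'flags/' . $row['flag']`, although it comes from the same `sys_language` row as the title that is now encoded. If a consumer writes that path into an HTML attribute without encoding it (the callers are not visible here), the same class of issue remains, so the value should be checked against the expected file-name shape or encoded where it is rendered. Because `htmlspecialchars()` now runs while the list is built rather than where it is printed, element 0 is HTML and callers must neither encode it again nor use it as plain text; a comment such as `// title is HTML-encoded here; do not escape again on output` above the assignment would record that contract. The enclosing method starts and ends outside this hunk.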