Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
authorOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:55:45 +0000 (08:55 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Wed, 28 Jul 2010 08:55:45 +0000 (08:55 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@8338 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/sysext/impexp/app/index.php

index 11a503a..e616c44 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@
        * Fixed bug #11618: XSS vulnerability in install tool / BE login (thanks to Georg Ringer)
        * Fixed bug #14950: XSS in t3editor (thanks to Tobias Liebig)
        * Fixed bug #14850: Information disclosure in t3lib_htmlmail (thanks to Georg Ringer)
+       * Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
 
 2010-07-21  Ingo Renner  <ingo@typo3.org>
 
index 75b1bcd..ff6cd9b 100755 (executable)
@@ -1427,7 +1427,7 @@ class SC_mod_tools_log_index extends t3lib_SCbase {
                                        'preset_data' => serialize($inData)
                                );
                                $GLOBALS['TYPO3_DB']->exec_INSERTquery('tx_impexp_presets',$fields_values);
-                               $msg = 'New preset "'.$inData['preset']['title'].'" is created';
+                               $msg = 'New preset "' . htmlspecialchars($inData['preset']['title']) . '" is created';
                        }
                }
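Review bot: The `htmlspecialchars()` call on the `$msg` line escapes the title only for this one message, while the same title is still written raw into `tx_impexp_presets` via `'preset_data' => serialize($inData)` a few lines above. Storing it raw is fine, but any other code that later renders a stored preset title must escape it on output as well; none of that code is visible in this hunk, so it should be checked separately. I would add a comment above the assignment, such as `// Escaped for HTML output here only; the title stored in preset_data stays raw and must be escaped wherever it is rendered.` The call also relies on the default flags, which leave single quotes unescaped, so it is safe only if `$msg` is emitted as element text or inside a double-quoted attribute. The enclosing method starts and ends outside the hunk, so where `$msg` is finally printed cannot be confirmed from here.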