[BUGFIX] Properly HTML encode site name in page module 87/56087/2
authorHelmut Hummel <typo3@helhum.io>
Fri, 9 Mar 2018 21:14:09 +0000 (22:14 +0100)
committerMarkus Klein <markus.klein@typo3.org>
Sat, 10 Mar 2018 13:32:00 +0000 (14:32 +0100)
Resolves: #84191
Releases: master, 8.7, 7.6
Change-Id: Id0f2da6f77b3c01293478329503dc922ccd7e72c
Reviewed-on: https://review.typo3.org/56087
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
typo3/sysext/backend/Classes/Controller/PageLayoutController.php

index 0188221..e356a54 100644 (file)
@@ -674,7 +674,7 @@ class PageLayoutController
                 'mainJsFunctions',
                 'if (top.fsMod) top.fsMod.recentIds["web"] = ' . (int)$this->id . ';'
             );
-            $content .= '<h1>' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '</h1>';
+            $content .= '<h1>' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']) . '</h1>';
             $view = GeneralUtility::makeInstance(StandaloneView::class);
             $view->setTemplatePathAndFilename(GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Templates/InfoBox.html'));
             $view->assignMultiple([