[BUGFIX] Properly HTML encode site name in page module 83/56083/2
authorHelmut Hummel <typo3@helhum.io>
Fri, 9 Mar 2018 21:14:09 +0000 (22:14 +0100)
committerMarkus Klein <markus.klein@typo3.org>
Fri, 9 Mar 2018 21:46:13 +0000 (22:46 +0100)
Resolves: #84191
Releases: master, 8.7, 7.6
Change-Id: Id0f2da6f77b3c01293478329503dc922ccd7e72c
Reviewed-on: https://review.typo3.org/56083
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Tested-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
typo3/sysext/backend/Classes/Controller/PageLayoutController.php

index ced13cd..b11a6d4 100644 (file)
@@ -784,7 +784,7 @@ class PageLayoutController
                 'mainJsFunctions',
                 'if (top.fsMod) top.fsMod.recentIds["web"] = ' . (int)$this->id . ';'
             );
-            $content .= '<h1>' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '</h1>';
+            $content .= '<h1>' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']) . '</h1>';
             $view = GeneralUtility::makeInstance(StandaloneView::class);
             $view->setTemplatePathAndFilename(GeneralUtility::getFileAbsFileName('EXT:backend/Resources/Private/Templates/InfoBox.html'));
             $view->assignMultiple([