Fixed bug #11620: XSS vulnerability in task center module

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@6996 709f56b5-9817-0410-a4d7-c38de5d9e867

diff --git a/ChangeLog b/ChangeLog
index 75eb7b3..e84c522 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@
        * Fixed bug #11617: XSS in template module (thanks to Georg Ringer)
        * Fixed bug #13249: XSS in TS Object Browser (thanks to Marcus Krause)
        * Fixed bug #11621: XSS vulnerabilities in workspace module (thanks to Georg Ringer)
+       * Fixed bug #11620: XSS vulnerability in task center module (thanks to Georg Ringer)
 
 2010-02-22  Benjamin Mack  <benni@typo3.org>
 

diff --git a/typo3/sysext/taskcenter/task/index.php b/typo3/sysext/taskcenter/task/index.php
index b94e585..ff581f5 100755 (executable)
--- a/typo3/sysext/taskcenter/task/index.php
+++ b/typo3/sysext/taskcenter/task/index.php
@@ -159,9 +159,8 @@ class SC_mod_user_task_index extends t3lib_SCbase {
         * @return      string          header in the left side (HTML)
         */
        function getleftHeader() {
-               $name = $GLOBALS['BE_USER']->user['realName']?$GLOBALS['BE_USER']->user['realName']:
-               $GLOBALS['BE_USER']->user['username'];
-               return '<h1>TYPO3 taskcenter <br />'.$name.'</h1>';
+               $name = $GLOBALS['BE_USER']->user['realName'] ? $GLOBALS['BE_USER']->user['realName'] : $GLOBALS['BE_USER']->user['username'];
+               return '<h1>TYPO3 taskcenter <br />' . htmlspecialchars($name) . '</h1>';
        }
 
        /**