* Fixed bug #11617: XSS in template module (thanks to Georg Ringer)
* Fixed bug #13249: XSS in TS Object Browser (thanks to Marcus Krause)
* Fixed bug #11621: XSS vulnerabilities in workspace module (thanks to Georg Ringer)
+ * Fixed bug #11620: XSS vulnerability in task center module (thanks to Georg Ringer)
2010-02-22 Benjamin Mack <benni@typo3.org>
* @return string header in the left side (HTML)
*/
function getleftHeader() {
- $name = $GLOBALS['BE_USER']->user['realName']?$GLOBALS['BE_USER']->user['realName']:
- $GLOBALS['BE_USER']->user['username'];
- return '<h1>TYPO3 taskcenter <br />'.$name.'</h1>';
+ $name = $GLOBALS['BE_USER']->user['realName'] ? $GLOBALS['BE_USER']->user['realName'] : $GLOBALS['BE_USER']->user['username'];
+ return '<h1>TYPO3 taskcenter <br />' . htmlspecialchars($name) . '</h1>';
}
/**
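Review bot: The docblock for getleftHeader() still says only "header in the left side (HTML)" and does not record that the user's realName/username, which this commit treats as untrusted, is escaped before it goes into the `<h1>`. A why-comment on the return line, such as `// realName/username come from the user record: escape for HTML element content`, would keep a later cleanup from dropping the call or a caller from escaping the result a second time. `htmlspecialchars($name)` runs with default flags, which is enough for element content as used here. On PHP versions whose default is `ENT_COMPAT` it leaves single quotes unencoded, so pass `ENT_QUOTES` explicitly if the name is ever moved into an attribute value. The docblock begins outside the hunk, and this hunk does not show whether other places in the module that print the same fields are escaped.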