[BUGFIX] Properly encode HTML attributes in Toolbar 83/56483/2
authorFrank Naegler <frank.naegler@typo3.org>
Thu, 29 Mar 2018 14:43:02 +0000 (16:43 +0200)
committerChristian Kuhn <lolli@schwarzbu.ch>
Thu, 29 Mar 2018 15:20:08 +0000 (17:20 +0200)
Resolves: #84561
Releases: master, 8.7
Change-Id: Iacb5dbf1fc5b709acd9db1c4463a991212a26a91
Reviewed-on: https://review.typo3.org/56483
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
typo3/sysext/backend/Classes/Controller/BackendController.php

index 37e80a8..541a1d5 100644 (file)
@@ -502,27 +502,27 @@ class BackendController
                     $classes[] = $additionalAttributes['class'];
                     unset($additionalAttributes['class']);
                 }
-                $liAttributes[] = 'class="' . implode(' ', $classes) . '"';
+                $liAttributes['class'] = implode(' ', $classes);
 
                 // Add further attributes
                 foreach ($additionalAttributes as $name => $value) {
-                    $liAttributes[] = $name . '="' . $value . '"';
+                    $liAttributes[$name] = $value;
                 }
 
                 // Create a unique id from class name
-                $fullyQualifiedClassName = get_class($toolbarItem);
+                $fullyQualifiedClassName = \get_class($toolbarItem);
                 $className = GeneralUtility::underscoredToLowerCamelCase($fullyQualifiedClassName);
                 $className = GeneralUtility::camelCaseToLowerCaseUnderscored($className);
                 $className = str_replace(['_', '\\'], '-', $className);
-                $liAttributes[] = 'id="' . $className . '"';
+                $liAttributes['id'] = $className;
 
                 // Create data attribute identifier
                 $shortName = substr($fullyQualifiedClassName, strrpos($fullyQualifiedClassName, '\\') + 1);
                 $dataToolbarIdentifier = GeneralUtility::camelCaseToLowerCaseUnderscored($shortName);
                 $dataToolbarIdentifier = str_replace('_', '-', $dataToolbarIdentifier);
-                $liAttributes[] = 'data-toolbar-identifier="' . htmlspecialchars($dataToolbarIdentifier) . '"';
+                $liAttributes['data-toolbar-identifier'] = $dataToolbarIdentifier;
 
-                $toolbar[] = '<li ' . implode(' ', $liAttributes) . '>';
+                $toolbar[] = '<li ' . GeneralUtility::implodeAttributes($liAttributes, true) . '>';
 
                 if ($hasDropDown) {
                     $toolbar[] = '<a href="#" class="toolbar-item-link dropdown-toggle" data-toggle="dropdown">';
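Review bot: In the `foreach ($additionalAttributes as $name => $value)` loop, `$name` now becomes an array key that still reaches the `<li` tag unencoded; as far as I know `GeneralUtility::implodeAttributes($liAttributes, true)` passes only the values through `htmlspecialchars()` and merely lower-cases the names. If toolbar items can supply arbitrary attribute names, a guard such as `if (!preg_match('/^[a-z_:][a-z0-9_:.-]*$/i', (string)$name)) { continue; }` before `$liAttributes[$name] = $value;` would close that gap. The call also leaves the third argument at its default, which (if I read the helper correctly) drops attributes whose value is an empty string, so an item that used to render `name=""` would lose it; pass `true` there if that output must be preserved. Values that a toolbar item already encoded itself will now be encoded twice, which is worth a line in the changelog for extension authors. The enclosing loop and method begin and end outside this hunk, so where `$additionalAttributes` comes from is not visible here.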