[BUGFIX] Escape title tag of image links 03/22803/3
author Alexander Stehlik <alexander.stehlik@googlemail.com>
Sun, 4 Aug 2013 11:54:53 +0000 (13:54 +0200)
committer Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tue, 27 Aug 2013 08:57:25 +0000 (10:57 +0200)
This patch adds a missing call to htmlspecialchars() when
the title tag of image links is initialized.

Resolves: #50760
Releases: 6.2, 6.1, 6.0, 4.7, 4.5
Change-Id: If41f33d9621f7790c0ff0de4aebcd7cdcb59707f
Reviewed-on: https://review.typo3.org/22803
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
typo3/sysext/css_styled_content/Classes/Controller/CssStyledContentController.php

index 5eb7cc7..d5bbba2 100644 (file)
@@ -665,7 +665,7 @@ class CssStyledContentController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlug
                                $titleText = trim($this->cObj->stdWrap($imgConf['titleText'], $imgConf['titleText.']));
                                if ($titleText) {
                                        // This will be used by the IMAGE call later:
-                                       $GLOBALS['TSFE']->ATagParams .= ' title="' . $titleText . '"';
+                                       $GLOBALS['TSFE']->ATagParams .= ' title="' . htmlspecialchars($titleText) . '"';
                                }
                        }
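
Review bot: On the added line, htmlspecialchars($titleText) re-encodes whatever stdWrap() returned two lines above, so a titleText that already carries entities (for example `&amp;` from a stdWrap configuration that encodes its output) would appear double-encoded in the title attribute. Consider stating in the comment above the assignment that titleText is expected as plain text at this point, or passing the double_encode argument as false if pre-encoded values must keep working. The default flags do escape `"`, which is what this double-quoted attribute needs, but passing ENT_QUOTES explicitly would keep the call safe if the quoting style of the concatenated string ever changes. A test that feeds a titleText containing `"` and `<` and checks the resulting ATagParams would guard the fix across the five release branches listed.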