[BUGFIX] Remove double escaping in template module 91/51391/2
authorGeorg Ringer <georg.ringer@gmail.com>
Mon, 23 Jan 2017 06:59:14 +0000 (07:59 +0100)
committerTymoteusz Motylewski <t.motylewski@gmail.com>
Mon, 23 Jan 2017 18:27:40 +0000 (19:27 +0100)
The information of a template (title, site title, description) is
already escaped by using fluid. Therefore the htmlspecialchars() must be
removed in the controller.

This is a fix of the regression of the fluidification of #75031.

Resolves: #79424
Releases: master
Change-Id: Iead09ee8f8f0256eee10c2585408d549dbe5c44c
Reviewed-on: https://review.typo3.org/51391
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Tymoteusz Motylewski <t.motylewski@gmail.com>
Tested-by: Tymoteusz Motylewski <t.motylewski@gmail.com>
typo3/sysext/tstemplate/Classes/Controller/TypoScriptTemplateInformationModuleFunctionController.php
typo3/sysext/tstemplate/Resources/Private/Templates/InformationModule.html

index 66fe71f..4af3806 100644 (file)
@@ -269,9 +269,9 @@ class TypoScriptTemplateInformationModuleFunctionController extends AbstractFunc
 
             // Processing:
             $tableRows = [];
-            $tableRows[] = $this->tableRowData($lang->getLL('title'), htmlspecialchars($this->templateRow['title']), 'title', $this->templateRow['uid']);
-            $tableRows[] = $this->tableRowData($lang->getLL('sitetitle'), htmlspecialchars($this->templateRow['sitetitle']), 'sitetitle', $this->templateRow['uid']);
-            $tableRows[] = $this->tableRowData($lang->getLL('description'), nl2br(htmlspecialchars($this->templateRow['description'])), 'description', $this->templateRow['uid']);
+            $tableRows[] = $this->tableRowData($lang->getLL('title'), $this->templateRow['title'], 'title', $this->templateRow['uid']);
+            $tableRows[] = $this->tableRowData($lang->getLL('sitetitle'), $this->templateRow['sitetitle'], 'sitetitle', $this->templateRow['uid']);
+            $tableRows[] = $this->tableRowData($lang->getLL('description'), $this->templateRow['description'], 'description', $this->templateRow['uid']);
             $tableRows[] = $this->tableRowData($lang->getLL('constants'), sprintf($lang->getLL('editToView'), trim($this->templateRow['constants']) ? count(explode(LF, $this->templateRow['constants'])) : 0), 'constants', $this->templateRow['uid']);
             $tableRows[] = $this->tableRowData($lang->getLL('setup'), sprintf($lang->getLL('editToView'), trim($this->templateRow['config']) ? count(explode(LF, $this->templateRow['config'])) : 0), 'config', $this->templateRow['uid']);
             $assigns['tableRows'] = $tableRows;
index ef1dd56..85bcbb9 100644 (file)
@@ -53,7 +53,7 @@
 <f:section name="TemplateTableRow">
     <tr>
         <td><a href="{line.url}" title="{f:translate(key:'LLL:EXT:lang/Resources/Private/Language/locallang_common.xlf:editField')}"><strong>{line.label}</strong></a></td>
-        <td width="80%">{line.data}</td>
+        <td width="80%">{line.data -> f:format.nl2br()}</td>
         <td><a href="{line.url}" title="{f:translate(key:'LLL:EXT:lang/Resources/Private/Language/locallang_common.xlf:editField')}"><span class="btn btn-default"><core:icon identifier="actions-open" /></span></a></td>
     </tr>
 </f:section>