[TASK] Add htmlspecial to ShowPic file properties 36/28436/2
authorErnesto Baschny <ernst@cron-it.de>
Sun, 16 Mar 2014 02:25:22 +0000 (03:25 +0100)
committerErnesto Baschny <ernst@cron-it.de>
Sun, 16 Mar 2014 02:39:58 +0000 (03:39 +0100)
Follow-up to 2a85eeb6d623e74955703b254e24b958790c9a45

Resolves: #56723
Releases: 6.2
Change-Id: Ib3881b7be6f3cf87c0bc36a8a32fedcf2fa53029
Reviewed-on: https://review.typo3.org/28436
Reviewed-by: Ernesto Baschny
Tested-by: Ernesto Baschny
typo3/sysext/frontend/Classes/Controller/ShowImageController.php

index 79ac594..166560d 100644 (file)
@@ -161,9 +161,9 @@ EOF;
        public function main() {
                $processedImage = $this->processImage();
                $imageTagMarkers = array(
-                       '###publicUrl###' => $processedImage->getPublicUrl(),
-                       '###alt###' => ($this->file->getProperty('alternative') ?: $this->title),
-                       '###title###' => ($this->file->getProperty('title') ?: $this->title)
+                       '###publicUrl###' => htmlspecialchars($processedImage->getPublicUrl()),
+                       '###alt###' => htmlspecialchars($this->file->getProperty('alternative') ?: $this->title),
+                       '###title###' => htmlspecialchars($this->file->getProperty('title') ?: $this->title)
                );
                $this->imageTag = str_replace(array_keys($imageTagMarkers), array_values($imageTagMarkers), $this->imageTag);
                if ($this->wrap !== '|') {
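Review bot: The three `htmlspecialchars()` calls in the `$imageTagMarkers` array rely on the default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped. The `$this->imageTag` template these markers are substituted into is defined outside this hunk, so if any attribute there is single-quoted, a `'` in the file's `alternative` or `title` property, or in `$this->title`, would still end the attribute value early. Passing flags and charset explicitly removes the dependency on the template's quoting style and on the PHP version, e.g. `'###alt###' => htmlspecialchars($this->file->getProperty('alternative') ?: $this->title, ENT_QUOTES, 'UTF-8'),`, and likewise for `###publicUrl###` and `###title###`. `main()` continues past the end of the hunk, so how the `$this->wrap` branch treats the finished tag was not reviewed.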