[SECURITY] Fix select_key XSS in PageLayoutView

Apply htmlspecialchars() to avoid a XSS when rendering
the value of select_key.

Resolves: #77906
Releases: master, 8.3, 7.6, 6.2
Security-Commit: 161d2b3dfa893c15e08fdd8041a6b3e0ce8e6a1b
Security-Bulletins: TYPO3-CORE-SA-2016-020, 021
Change-Id: I2311302eb5c774e210f76162ec273505ef3e8015
Reviewed-on: https://review.typo3.org/49920
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>

diff --git a/typo3/sysext/backend/Classes/View/PageLayoutView.php b/typo3/sysext/backend/Classes/View/PageLayoutView.php
index f308f96..f01842f 100644 (file)
--- a/typo3/sysext/backend/Classes/View/PageLayoutView.php
+++ b/typo3/sysext/backend/Classes/View/PageLayoutView.php
@@ -1689,7 +1689,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
                         }
                     } elseif (!empty($row['select_key'])) {
                         $out .= $this->getLanguageService()->sL(BackendUtility::getItemLabel('tt_content', 'select_key'), true)
-                            . ' ' . $row['select_key'] . '<br />';
+                            . ' ' . htmlspecialchars($row['select_key']) . '<br />';
                     } else {
                         $out .= '<strong>' . $this->getLanguageService()->getLL('noPluginSelected') . '</strong>';
                     }