[SECURITY] Replace parseFunc with htmlspecialchars in element "table" 81/45281/2
author Georg Ringer <georg.ringer@gmail.com>
Tue, 15 Dec 2015 10:37:54 +0000 (11:37 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:38:04 +0000 (11:38 +0100)
Instead of using the lib.parseFunc, htmlspecialchars is used for
the table cell rendering.

Resolves: #25245
Releases: master, 6.2
Security-Commit: 7810e48bcd34b3769b981ad3a77b4057312c73fc
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: I2f4a6c83e5201685c2549f4fd3f0108c39309c2d
Reviewed-on: https://review.typo3.org/45281
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/css_styled_content/static/setup.txt
typo3/sysext/css_styled_content/static/v6.2/setup.txt

index c093293..86fcc40 100644 (file)
@@ -1398,7 +1398,7 @@ tt_content.table {
                cellspacing =
        }
        20.innerStdWrap.wrap = |
-       20.innerStdWrap.parseFunc = < lib.parseFunc
+       20.innerStdWrap.htmlSpecialChars = 1
 
        20.stdWrap {
                editIcons = tt_content: cols, bodytext, [layout], [table_bgColor|table_border|table_cellspacing|table_cellpadding]
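Review bot: At `20.innerStdWrap.htmlSpecialChars = 1`, the replacement of `parseFunc = < lib.parseFunc` changes what existing table content looks like, and nothing in the commit message or the hunk documents that. Markup that editors have already stored in table cells will now be escaped and shown as literal text instead of being parsed. Please add a note for integrators describing the changed rendering, and state that re-assigning `tt_content.table.20.innerStdWrap.parseFunc` in site TypoScript brings back the unescaped output this change removes.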
index b8e286d..1bc1a23 100644 (file)
@@ -1410,7 +1410,7 @@ tt_content.table {
                cellspacing =
        }
        20.innerStdWrap.wrap = |
-       20.innerStdWrap.parseFunc = < lib.parseFunc
+       20.innerStdWrap.htmlSpecialChars = 1
 
        20.stdWrap {
                editIcons = tt_content: cols, bodytext, [layout], [table_bgColor|table_border|table_cellspacing|table_cellpadding]
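Review bot: The removed line `20.innerStdWrap.parseFunc = < lib.parseFunc` is patched here by hand in a second copy of the table setup (offset 1410 versus 1398 in the first file), so any further copy that is missed keeps rendering cells unescaped. The file list names only `static/setup.txt` and `static/v6.2/setup.txt`; please confirm that no other setup file under `css_styled_content/static/` still carries that line. A rendering test that puts markup into a table cell and asserts that it comes out entity-encoded would keep the copies from drifting apart again.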