[BUGFIX] additionalAttributes for be.buttons.icon-VH misses hsc 85/25485/2
authorMarkus Klein <klein.t3@mfc-linz.at>
Mon, 18 Nov 2013 10:42:02 +0000 (11:42 +0100)
committerMarc Bastian Heinrichs <typo3@mbh-software.de>
Mon, 18 Nov 2013 13:42:40 +0000 (14:42 +0100)
The values of the additional attributes for the backend icon viewhelper
need to be processed through htmlspecialchars().

Resolves: #53711
Releases: 6.2, 6.1, 6.0
Change-Id: I89794c77ad1bb7bad99517e24ae7345e0803616e
Reviewed-on: https://review.typo3.org/25485
Reviewed-by: Marc Bastian Heinrichs
Tested-by: Marc Bastian Heinrichs
typo3/sysext/fluid/Classes/ViewHelpers/Be/Buttons/IconViewHelper.php

index e87a8b6..9368d09 100755 (executable)
@@ -70,7 +70,7 @@ class IconViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Be\AbstractBackendView
                $additionalAttributes = '';
                if ($this->hasArgument('additionalAttributes') && is_array($this->arguments['additionalAttributes'])) {
                        foreach ($this->arguments['additionalAttributes'] as $argumentKey => $argumentValue) {
-                               $additionalAttributes .= ' ' . $argumentKey . '="' . $argumentValue . '"';
+                               $additionalAttributes .= ' ' . $argumentKey . '="' . htmlspecialchars($argumentValue) . '"';
                        }
                }
                $icon = \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon($icon, array('title' => $title));
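Review bot: The attribute name `$argumentKey` is still concatenated unescaped on the changed line inside the `foreach`, so only the value half of each `name="value"` pair is encoded. If the keys of `additionalAttributes` can ever come from a less trusted source than the template itself (not visible from this hunk), a key containing `"` or `>` would still leave the attribute context. I would encode both sides, `$additionalAttributes .= ' ' . htmlspecialchars($argumentKey) . '="' . htmlspecialchars($argumentValue) . '"';`, and preferably skip keys that are not plain attribute names, since encoding alone does not stop whitespace or `=` in a key from introducing a further attribute. The enclosing method starts and ends outside the hunk, so how `$additionalAttributes` is finally emitted is inferred rather than seen.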