[SECURITY] Fix select_key XSS in PageLayoutView 20/49920/2
authorGeorg Ringer <georg.ringer@gmail.com>
Tue, 13 Sep 2016 09:52:44 +0000 (11:52 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 13 Sep 2016 09:52:46 +0000 (11:52 +0200)
commite292d9ead6965ba48ada0d16ef579bada773a138
tree028f4498f17c97e6412448e3ec8a67d6cc5b8d73
parent3e74ca52d749befdcbd5b400de9da4dba5d2c9fe
[SECURITY] Fix select_key XSS in PageLayoutView

Apply htmlspecialchars() to avoid a XSS when rendering
the value of select_key.

Resolves: #77906
Releases: master, 8.3, 7.6, 6.2
Security-Commit: 161d2b3dfa893c15e08fdd8041a6b3e0ce8e6a1b
Security-Bulletins: TYPO3-CORE-SA-2016-020, 021
Change-Id: I2311302eb5c774e210f76162ec273505ef3e8015
Reviewed-on: https://review.typo3.org/49920
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/backend/Classes/View/PageLayoutView.php