[SECURITY] Possible XSS in felogin messages 79/45279/2
author Georg Ringer <mail@ringerge.org>
Tue, 15 Dec 2015 10:37:16 +0000 (11:37 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Tue, 15 Dec 2015 10:37:25 +0000 (11:37 +0100)
commit f412d4980970497de35292905219f881f2119661
tree 5521243039b765cd14218ed55d1595336b90f648
parent abd1c460adea6d784fa006ed432561b1f42ea75e
[SECURITY] Possible XSS in felogin messages

Change default TypoScript to encode messages in felogin
with htmlspecialchars.

Fix two occurrences of _LOCAL_LANG messages where htmlspecialchars
was missing.

Resolves: #25243
Releases: master, 6.2
Security-Commit: 341a017859b2c3c99b675fb787b1c5a7af8cef6f
Security-Bulletins: TYPO3-CORE-SA-2015-010, 011, 012, 013, 014, 015
Change-Id: Icddb2be90bced5ef51439630a5b47bf6bc04f624
Reviewed-on: https://review.typo3.org/45279
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>
typo3/sysext/felogin/Classes/Controller/FrontendLoginController.php
typo3/sysext/felogin/ext_typoscript_setup.txt