-
The language label for the refresh login popup contains the username already and is persisted to the filesystem. Use TYPO3.configuration.username and replace it with JavaScript instead to prevent the information disclosure. Resolves: #75933 Releases: master, 7.6, 6.2 Security-Commit: 0e7b21b3f455fef6703656889c43993976a4a6bc Security-Bulletins: TYPO3-CORE-SA-2016-014, 015, 016, 017, 018 Change-Id: I14964781014b95d9753ad8d6ed79df5f25c1fa5c Reviewed-on: https://review.typo3.org/49081 Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
93ce2867
