Commit e9489106 authored by Valentin Despa's avatar Valentin Despa Committed by Markus Klein

[TASK] Remove second parameter of sL - Part 2/3

Remove the second parameter of sL and replace it
with htmlspecialchars directly in the code.

Resolves: #76325
Related: #71917
Releases: master
Change-Id: Ibaae459cb81a4fb9616e953d772603acf85e4d11
Reviewed-on: https://review.typo3.org/48344


Reviewed-by: Wouter Wolters's avatarWouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters's avatarWouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein's avatarMarkus Klein <markus.klein@typo3.org>
parent 209ee46d
......@@ -185,7 +185,7 @@ abstract class AbstractContextMenuDataProvider
unset($action);
continue;
}
$label = $this->getLanguageService()->sL($actionConfiguration['label'], true);
$label = htmlspecialchars($this->getLanguageService()->sL($actionConfiguration['label']));
if ($type === 'SUBMENU') {
$action->setType('submenu');
$action->setChildActions($this->getNextContextMenuLevel($actionConfiguration, $node, $level + 1));
......
......@@ -1168,7 +1168,7 @@ class EditDocumentController extends AbstractModule
// Create message from exception.
$message = $e->getMessage() . ' ' . $e->getCode();
}
$editForm .= $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.noEditPermission', true)
$editForm .= htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.noEditPermission'))
. '<br /><br />' . htmlspecialchars($message) . '<br /><br />';
}
} // End of for each uid
......@@ -1576,7 +1576,7 @@ class EditDocumentController extends AbstractModule
));
foreach ($langRows as $lang) {
if ($this->getBackendUser()->checkLanguageAccess($lang['uid'])) {
$newTranslation = isset($rowsByLang[$lang['uid']]) ? '' : ' [' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.new', true) . ']';
$newTranslation = isset($rowsByLang[$lang['uid']]) ? '' : ' [' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.new')) . ']';
// Create url for creating a localized record
if ($newTranslation) {
$redirectUrl = BackendUtility::getModuleUrl('record_edit', array(
......
......@@ -107,8 +107,8 @@ class CreateFolderController extends AbstractModule
}
// Cleaning and checking target directory
if (!$this->folderObject) {
$title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', true);
$message = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', true);
$title = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError'));
$message = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir'));
throw new \RuntimeException($title . ': ' . $message, 1294586845);
}
if ($this->folderObject->getStorage()->getUid() === 0) {
......@@ -207,13 +207,13 @@ class CreateFolderController extends AbstractModule
// Making submit button for folder creation:
$code .= '
</div><div class="form-group">
<input class="btn btn-default" type="submit" value="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.submit', true) . '" />
<input class="btn btn-default" type="submit" value="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.submit')) . '" />
<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
</div>
';
// Switching form tags:
$pageContent .= '<h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfolders', true) . '</h3>';
$pageContent .= '<h3>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfolders')) . '</h3>';
$pageContent .= '<div>' . $code . '</form></div>';
}
......@@ -232,14 +232,14 @@ class CreateFolderController extends AbstractModule
<div class="form-group">
<div class="form-section">
<div class="form-group">
<label for="newMedia">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.label', true) . '</label> ' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newMedia') . '
<label for="newMedia">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.label')) . '</label> ' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newMedia') . '
<div class="form-control-wrap">
<input class="form-control" type="text" id="newMedia" name="file[newMedia][0][url]"
placeholder="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.placeholder', true) . '" />
placeholder="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.placeholder')) . '" />
<input type="hidden" name="file[newMedia][0][target]" value="' . htmlspecialchars($this->target) . '" />
</div>
<div class="help-block">
' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.allowedProviders', true) . '<br>
' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.allowedProviders')) . '<br>
' . implode(' ', $fileExtList) . '
</div>
</div>
......@@ -249,11 +249,11 @@ class CreateFolderController extends AbstractModule
// Submit button for creation of a new media:
$code .= '
<div class="form-group">
<input class="btn btn-default" type="submit" value="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.submit', true) . '" />
<input class="btn btn-default" type="submit" value="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.submit')) . '" />
<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
</div>
';
$pageContent .= '<h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media', true) . '</h3>';
$pageContent .= '<h3>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media')) . '</h3>';
$pageContent .= '<div>' . $code . '</div>';
$pageContent .= '</form>';
......@@ -271,13 +271,13 @@ class CreateFolderController extends AbstractModule
<div class="form-group">
<div class="form-section">
<div class="form-group">
<label for="newfile">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.label_newfile', true) . '</label> ' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newfile') . '
<label for="newfile">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.label_newfile')) . '</label> ' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newfile') . '
<div class="form-control-wrap">
<input class="form-control" type="text" id="newfile" name="file[newfile][0][data]" onchange="changed=true;" />
<input type="hidden" name="file[newfile][0][target]" value="' . htmlspecialchars($this->target) . '" />
</div>
<div class="help-block">
' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions', true) . '<br>
' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions')) . '<br>
' . implode(' ', $fileExtList) . '
</div>
</div>
......@@ -287,11 +287,11 @@ class CreateFolderController extends AbstractModule
// Submit button for "creation of a new file":
$code .= '
<div class="form-group">
<button class="btn btn-default" name="edit" type="submit" value="1">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile_submit', true) . '</button>
<button class="btn btn-default" name="edit" type="submit" value="1">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile_submit')) . '</button>
<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
</div>
';
$pageContent .= '<h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile', true) . '</h3>';
$pageContent .= '<h3>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile')) . '</h3>';
$pageContent .= '<div>' . $code . '</div>';
$pageContent .= '</form>';
}
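Review bot: In the `!$this->folderObject` branch, `$title` and `$message` are HTML-encoded and then used only as the text of a `\RuntimeException`, which is not an HTML context. Encoding belongs at the point where the message is rendered; doing it here puts entities into logs and risks double-encoded output if the exception handler escapes what it prints (the handler is not visible on this page). I would pass the raw labels, e.g. `$title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError');`, and leave escaping to whatever displays the exception. The same pattern appears in the FileUploadController, RenameFileController and ReplaceFileController hunks.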
......
......@@ -103,8 +103,8 @@ class FileUploadController extends AbstractModule
// Cleaning and checking target directory
if (!$this->folderObject) {
$title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', true);
$message = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', true);
$title = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError'));
$message = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir'));
throw new \RuntimeException($title . ': ' . $message, 1294586843);
}
......@@ -192,7 +192,7 @@ class FileUploadController extends AbstractModule
$content .= '
<div id="c-submit">
<input type="hidden" name="redirect" value="' . $this->returnUrl . '" /><br />
<input class="btn btn-default" type="submit" value="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.submit', true) . '" />
<input class="btn btn-default" type="submit" value="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.submit')) . '" />
</div>
';
return $content;
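Review bot: The hidden `redirect` field directly above the changed submit button writes `$this->returnUrl` into the `value` attribute without encoding, while CreateFolderController, RenameFileController and ReplaceFileController in this same commit all emit `htmlspecialchars($this->returnUrl)`. Unless returnUrl is guaranteed attribute-safe where it is assigned (not visible in this hunk), a quote character in it would terminate the attribute. Since the commit makes escaping explicit at each output site, this line should be aligned: `<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" /><br />`. The enclosing method starts outside the hunk.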
......
......@@ -88,8 +88,8 @@ class RenameFileController extends AbstractModule
$this->fileOrFolderObject = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->retrieveFileOrFolderObject($this->target);
}
if (!$this->fileOrFolderObject) {
$title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', true);
$message = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', true);
$title = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError'));
$message = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir'));
throw new \RuntimeException($title . ': ' . $message, 1294586844);
}
if ($this->fileOrFolderObject->getStorage()->getUid() === 0) {
......@@ -151,9 +151,9 @@ class RenameFileController extends AbstractModule
$pageContent .= '
<div class="form-group">
<input class="btn btn-primary" type="submit" value="' .
$this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_rename.php.submit', true) . '" />
htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_rename.php.submit')) . '" />
<input class="btn btn-danger" type="submit" value="' .
$this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel', true) .
htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel')) .
'" onclick="backToList(); return false;" />
<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
</div>
......
......@@ -104,8 +104,8 @@ class ReplaceFileController extends AbstractModule
->retrieveFileOrFolderObject('file:' . $this->uid);
}
if (!$this->fileOrFolderObject) {
$title = $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', true);
$message = $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', true);
$title = htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError'));
$message = htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir'));
throw new \RuntimeException($title . ': ' . $message, 1436895930);
}
if ($this->fileOrFolderObject->getStorage()->getUid() === 0) {
......@@ -187,9 +187,9 @@ class ReplaceFileController extends AbstractModule
$code .= '
<div class="form-group">
<input class="btn btn-primary" type="submit" value="'
. $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_replace.php.submit', true) . '" />
. htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_replace.php.submit')) . '" />
<input class="btn btn-danger" type="submit" value="'
. $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel', true)
. htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel'))
. '" onclick="backToList(); return false;" />
<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
</div>
......
......@@ -451,11 +451,11 @@ class NewRecordController extends AbstractModule
$newPageLinks = array();
if ($displayNewPagesIntoLink && $this->isTableAllowedForThisPage($this->pageinfo, 'pages') && $this->getBackendUserAuthentication()->check('tables_modify', 'pages') && $this->getBackendUserAuthentication()->workspaceCreateNewRecord(($this->pageinfo['_ORIG_uid'] ?: $this->id), 'pages')) {
// Create link to new page inside:
$newPageLinks[] = $this->linkWrap($this->moduleTemplate->getIconFactory()->getIconForRecord($table, array(), Icon::SIZE_SMALL)->render() . $lang->sL($v['ctrl']['title'], true) . ' (' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.inside', true) . ')', $table, $this->id);
$newPageLinks[] = $this->linkWrap($this->moduleTemplate->getIconFactory()->getIconForRecord($table, array(), Icon::SIZE_SMALL)->render() . htmlspecialchars($lang->sL($v['ctrl']['title'])) . ' (' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.inside')) . ')', $table, $this->id);
}
// New pages AFTER this pages
if ($displayNewPagesAfterLink && $this->isTableAllowedForThisPage($this->pidInfo, 'pages') && $this->getBackendUserAuthentication()->check('tables_modify', 'pages') && $this->getBackendUserAuthentication()->workspaceCreateNewRecord($this->pidInfo['uid'], 'pages')) {
$newPageLinks[] = $this->linkWrap($pageIcon . $lang->sL($v['ctrl']['title'], true) . ' (' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.after', true) . ')', 'pages', -$this->id);
$newPageLinks[] = $this->linkWrap($pageIcon . htmlspecialchars($lang->sL($v['ctrl']['title'])) . ' (' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.after')) . ')', 'pages', -$this->id);
}
// New pages at selection position
if ($this->newPagesSelectPosition && $this->showNewRecLink('pages')) {
......@@ -494,7 +494,7 @@ class NewRecordController extends AbstractModule
$rowContent = '';
$thisTitle = '';
// Create new link for record:
$newLink = $this->linkWrap($newRecordIcon . $lang->sL($v['ctrl']['title'], true), $table, $this->id);
$newLink = $this->linkWrap($newRecordIcon . htmlspecialchars($lang->sL($v['ctrl']['title'])), $table, $this->id);
// If the table is 'tt_content', create link to wizard
if ($table == 'tt_content') {
$groupName = $lang->getLL('createNewContent');
......
......@@ -1493,7 +1493,7 @@ class PageLayoutController
->setHref('#');
$quickEditMenu->addMenuItem($menuItem);
$menuItem = $quickEditMenu->makeMenuItem()
->setTitle('__' . $lang->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $colPos), true) . ':__')
->setTitle('__' . htmlspecialchars($lang->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $colPos))) . ':__')
->setHref(BackendUtility::getModuleUrl($this->moduleName) . '&id=' . $this->id . '&edit_record=_EDIT_COL:' . $colPos . $retUrlStr);
$quickEditMenu->addMenuItem($menuItem);
}
......@@ -1545,7 +1545,7 @@ class PageLayoutController
$lang = $this->getLanguageService();
$languageMenu = $this->moduleTemplate->getDocHeaderComponent()->getMenuRegistry()->makeMenu();
$languageMenu->setIdentifier('languageMenu');
$languageMenu->setLabel($lang->sL('LLL:EXT:lang/locallang_general.xlf:LGL.language', true));
$languageMenu->setLabel(htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_general.xlf:LGL.language')));
foreach ($this->MOD_MENU['language'] as $key => $language) {
$menuItem = $languageMenu
->makeMenuItem()
......
......@@ -479,7 +479,7 @@ function jumpToUrl(URL) {
', ' . $url . ', ' . $confirmationText . ', ' . $motherModule . ', this);return false;';
return '<a href="#" class="' . htmlspecialchars($classes) . '" onclick="' . htmlspecialchars($onClick) . '" title="' .
$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark', true) . '">' .
htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark')) . '">' .
$this->iconFactory->getIcon('actions-system-shortcut-new', Icon::SIZE_SMALL)->render() . '</a>';
}
......@@ -1440,7 +1440,7 @@ function jumpToUrl(URL) {
$title = '';
}
// Setting the path of the page
$pagePath = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.path', true) . ': <span class="typo3-docheader-pagePath">';
$pagePath = htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.path')) . ': <span class="typo3-docheader-pagePath">';
// crop the title to title limit (or 50, if not defined)
$cropLength = empty($GLOBALS['BE_USER']->uc['titleLen']) ? 50 : $GLOBALS['BE_USER']->uc['titleLen'];
$croppedTitle = GeneralUtility::fixed_lgd_cs($title, -$cropLength);
......
......@@ -548,7 +548,7 @@ class ModuleTemplate
', ' . $url . ', ' . $confirmationText . ', ' . $motherModule . ', this, ' . GeneralUtility::quoteJSvalue($displayName) . ');return false;';
return '<a href="#" class="' . htmlspecialchars($classes) . '" onclick="' . htmlspecialchars($onClick) . '" title="' .
$this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark', true) . '">' .
htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark')) . '">' .
$this->iconFactory->getIcon('actions-system-shortcut-new', Icon::SIZE_SMALL)->render() . '</a>';
}
......
......@@ -1955,7 +1955,7 @@ class BackendUtility
*/
public static function getNoRecordTitle($prep = false)
{
$noTitle = '[' . static::getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title', true) . ']';
$noTitle = '[' . htmlspecialchars(static::getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title')) . ']';
if ($prep) {
$noTitle = '<em>' . $noTitle . '</em>';
}
......
......@@ -163,8 +163,8 @@ class TranslationStatusController extends \TYPO3\CMS\Backend\Module\AbstractFunc
) . '">' . $this->iconFactory->getIcon('actions-document-open', Icon::SIZE_SMALL)->render() . '</a>';
$info .= str_replace('###LANG_UID###', '0', $viewPageLink);
$info .= '&nbsp;';
$info .= GeneralUtility::hideIfDefaultLanguage($data['row']['l18n_cfg']) ? '<span title="' . $lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.l18n_cfg.I.1', true) . '">D</span>' : '&nbsp;';
$info .= GeneralUtility::hideIfNotTranslated($data['row']['l18n_cfg']) ? '<span title="' . $lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.l18n_cfg.I.2', true) . '">N</span>' : '&nbsp;';
$info .= GeneralUtility::hideIfDefaultLanguage($data['row']['l18n_cfg']) ? '<span title="' . htmlspecialchars($lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.l18n_cfg.I.1')) . '">D</span>' : '&nbsp;';
$info .= GeneralUtility::hideIfNotTranslated($data['row']['l18n_cfg']) ? '<span title="' . htmlspecialchars($lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.l18n_cfg.I.2')) . '">N</span>' : '&nbsp;';
// Put into cell:
$tCells[] = '<td class="' . $status . ' col-border-left btn-group">' . $info . '</td>';
$tCells[] = '<td class="' . $status . '" title="' . $lang->sL(
......
......@@ -278,7 +278,7 @@ class LanguageController extends ActionController
/** @var Menu $menu */
$menu = GeneralUtility::makeInstance(Menu::class);
$menu->setIdentifier('_languageMenu');
$menu->setLabel($this->getLanguageService()->sL('LLL:EXT:lang/locallang_general.xlf:LGL.language', true));
$menu->setLabel($this->getLanguageService()->sL('LLL:EXT:lang/locallang_general.xlf:LGL.language'));
/** @var MenuItem $languageListMenuItem */
$languageListMenuItem = GeneralUtility::makeInstance(MenuItem::class);
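Review bot: `$menu->setLabel(...)` loses its encoding entirely here: the `true` flag is removed but no `htmlspecialchars()` is added, whereas the PageLayoutController hunk wraps the same `LGL.language` label in `htmlspecialchars()` before calling `setLabel()`. Which of the two is correct depends on whether the Menu component encodes labels when it renders them, which is not visible on this page; either this call now emits the label raw, or the other one double-encodes. If the omission is deliberate because the rendering side escapes, a one-line comment such as `// not encoded here: the menu template escapes the label` would record that, and the PageLayoutController call should be made consistent with it.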
......
......@@ -244,7 +244,7 @@ abstract class AbstractLinkBrowserController
$this->linkHandlers[$identifier] = [
'handlerInstance' => $handler,
'label' => $lang->sL($configuration['label'], true),
'label' => htmlspecialchars($lang->sL($configuration['label'])),
'displayBefore' => isset($configuration['displayBefore']) ? GeneralUtility::trimExplode(',', $configuration['displayBefore']) : [],
'displayAfter' => isset($configuration['displayAfter']) ? GeneralUtility::trimExplode(',', $configuration['displayAfter']) : [],
'scanBefore' => isset($configuration['scanBefore']) ? GeneralUtility::trimExplode(',', $configuration['scanBefore']) : [],
......
......@@ -567,7 +567,7 @@ class AbstractDatabaseRecordList extends AbstractRecordList
foreach ($searchLevelItems as $kv => $label) {
$opt[] = '<option value="' . $kv . '"' . ($kv === $this->searchLevels ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
}
$lMenu = '<select class="form-control" name="search_levels" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.search_levels', true) . '" id="search_levels">' . implode('', $opt) . '</select>';
$lMenu = '<select class="form-control" name="search_levels" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.search_levels')) . '" id="search_levels">' . implode('', $opt) . '</select>';
// Table with the search box:
$content = '<div class="db_list-searchbox-form db_list-searchbox-toolbar module-docheader-bar module-docheader-bar-search t3js-module-docheader-bar t3js-module-docheader-bar-search" id="db_list-searchbox-toolbar" style="display: ' . ($this->searchString == '' ? 'none' : 'block') . ';">
' . $formElements[0] . '
......@@ -576,19 +576,19 @@ class AbstractDatabaseRecordList extends AbstractRecordList
<div class="panel-body">
<div class="form-inline form-inline-spaced">
<div class="form-group">
<input class="form-control" type="search" placeholder="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.enterSearchString', true) . '" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.searchString', true) . '" name="search_field" id="search_field" value="' . htmlspecialchars($this->searchString) . '" />
<input class="form-control" type="search" placeholder="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.enterSearchString')) . '" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.searchString')) . '" name="search_field" id="search_field" value="' . htmlspecialchars($this->searchString) . '" />
</div>
<div class="form-group">
<label for="search_levels">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.label.search_levels', true) . ': </label>
<label for="search_levels">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.label.search_levels')) . ': </label>
' . $lMenu . '
</div>
<div class="form-group">
<label for="showLimit">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.label.limit', true) . ': </label>
<input class="form-control" type="number" min="0" max="10000" placeholder="10" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.limit', true) . '" name="showLimit" id="showLimit" value="' . htmlspecialchars(($this->showLimit ? $this->showLimit : '')) . '" />
<label for="showLimit">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.label.limit')) . ': </label>
<input class="form-control" type="number" min="0" max="10000" placeholder="10" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.limit')) . '" name="showLimit" id="showLimit" value="' . htmlspecialchars(($this->showLimit ? $this->showLimit : '')) . '" />
</div>
<div class="form-group">
<button type="submit" class="btn btn-default" name="search" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.search', true) . '">
' . $iconFactory->getIcon('actions-search', Icon::SIZE_SMALL)->render() . ' ' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.search', true) . '
<button type="submit" class="btn btn-default" name="search" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.search')) . '">
' . $iconFactory->getIcon('actions-search', Icon::SIZE_SMALL)->render() . ' ' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.search')) . '
</button>
</div>
</div>
......@@ -847,7 +847,7 @@ class AbstractDatabaseRecordList extends AbstractRecordList
$origCode = $code;
// If the title is blank, make a "no title" label:
if ((string)$code === '') {
$code = '<i>[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title', 1) . ']</i> - ' . htmlspecialchars(GeneralUtility::fixed_lgd_cs(
$code = '<i>[' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title')) . ']</i> - ' . htmlspecialchars(GeneralUtility::fixed_lgd_cs(
BackendUtility::getRecordTitle($table, $row),
$this->getBackendUserAuthentication()->uc['titleLen']
));
......@@ -877,7 +877,7 @@ class AbstractDatabaseRecordList extends AbstractRecordList
if ($table == 'pages' || $table == 'tt_content') {
$code = '<a href="#" onclick="' . htmlspecialchars(
BackendUtility::viewOnClick(($table == 'tt_content' ? $this->id . '#' . $row['uid'] : $row['uid']))
) . '" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', true) . '">' . $code . '</a>';
) . '" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage')) . '">' . $code . '</a>';
}
break;
case 'info':
......
......@@ -259,7 +259,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
if (!in_array($this->pageRow['doktype'], $noViewDokTypes)) {
$onClick = htmlspecialchars(BackendUtility::viewOnClick($this->id, '', BackendUtility::BEgetRootLine($this->id)));
$buttons['view'] = '<a href="#" onclick="' . $onClick . '" title="'
. $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', true) . '">'
. htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage')) . '">'
. $this->iconFactory->getIcon('actions-document-view', Icon::SIZE_SMALL)->render() . '</a>';
}
// New record on pages that are not locked by editlock
......@@ -298,7 +298,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
}
// Cache
$buttons['cache'] = '<a href="' . htmlspecialchars(($this->listURL() . '&clear_cache=1')) . '" title="'
. $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.clear_cache', true) . '">'
. htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.clear_cache')) . '">'
. $this->iconFactory->getIcon('actions-system-cache-clear', Icon::SIZE_SMALL)->render() . '</a>';
if ($this->table && (!isset($module->modTSconfig['properties']['noExportRecordsLinks'])
|| (isset($module->modTSconfig['properties']['noExportRecordsLinks'])
......@@ -306,20 +306,20 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
) {
// CSV
$buttons['csv'] = '<a href="' . htmlspecialchars(($this->listURL() . '&csv=1')) . '" title="'
. $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.csv', true) . '">'
. htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.csv')) . '">'
. $this->iconFactory->getIcon('actions-document-export-csv', Icon::SIZE_SMALL)->render() . '</a>';
// Export
if (ExtensionManagementUtility::isLoaded('impexp')) {
$url = BackendUtility::getModuleUrl('xMOD_tximpexp', array('tx_impexp[action]' => 'export'));
$buttons['export'] = '<a href="' . htmlspecialchars($url . '&tx_impexp[list][]='
. rawurlencode($this->table . ':' . $this->id)) . '" title="'
. $lang->sL('LLL:EXT:lang/locallang_core.xlf:rm.export', true) . '">'
. htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:rm.export')) . '">'
. $this->iconFactory->getIcon('actions-document-export-t3d', Icon::SIZE_SMALL)->render() . '</a>';
}
}
// Reload
$buttons['reload'] = '<a href="' . htmlspecialchars($this->listURL()) . '" title="'
. $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.reload', true) . '">'
. htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.reload')) . '">'
. $this->iconFactory->getIcon('actions-refresh', Icon::SIZE_SMALL)->render() . '</a>';
// Shortcut
if ($backendUser->mayMakeShortcut()) {
......@@ -333,7 +333,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
if ($this->returnUrl) {
$href = htmlspecialchars(GeneralUtility::linkThisUrl($this->returnUrl, array('id' => $this->id)));
$buttons['back'] = '<a href="' . $href . '" class="typo3-goBack" title="'
. $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack', true) . '">'
. htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack')) . '">'
. $this->iconFactory->getIcon('actions-view-go-back', Icon::SIZE_SMALL)->render() . '</a>';
}
}
......@@ -483,7 +483,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
if ($this->returnUrl) {
$href = htmlspecialchars(GeneralUtility::linkThisUrl($this->returnUrl, array('id' => $this->id)));
$buttons['back'] = '<a href="' . $href . '" class="typo3-goBack" title="'
. $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack', true) . '">'
. htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack')) . '">'
. $this->iconFactory->getIcon('actions-view-go-back', Icon::SIZE_SMALL) . '</a>';
}
}
......@@ -601,8 +601,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
$selectFields = array_unique($selectFields);
$fieldListFields = $this->makeFieldList($table, 1);
if (empty($fieldListFields) && $GLOBALS['TYPO3_CONF_VARS']['BE']['debug']) {
$message = sprintf($lang->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:missingTcaColumnsMessage', true), $table, $table);
$messageTitle = $lang->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:missingTcaColumnsMessageTitle', true);
$message = sprintf(htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:missingTcaColumnsMessage')), $table, $table);
$messageTitle = htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:missingTcaColumnsMessageTitle'));
/** @var FlashMessage $flashMessage */
$flashMessage = GeneralUtility::makeInstance(
FlashMessage::class,
......@@ -677,7 +677,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
}
// If any records was selected, render the list:
if ($dbCount) {
$tableTitle = $lang->sL($GLOBALS['TCA'][$table]['ctrl']['title'], true);
$tableTitle = htmlspecialchars($lang->sL($GLOBALS['TCA'][$table]['ctrl']['title']));
if ($tableTitle === '') {
$tableTitle = $table;
}
......@@ -700,8 +700,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
if (!$this->table) {
$href = htmlspecialchars(($this->listURL() . '&collapse[' . $table . ']=' . ($tableCollapsed ? '0' : '1')));
$title = $tableCollapsed
? $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.expandTable', true)
: $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.collapseTable', true);
? htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.expandTable'))
: htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.collapseTable'));
$icon = '<span class="collapseIcon">' . $this->iconFactory->getIcon(($tableCollapsed ? 'actions-view-list-expand' : 'actions-view-list-collapse'), Icon::SIZE_SMALL)->render() . '</span>';
$collapseIcon = '<a href="' . $href . '" title="' . $title . '" class="pull-right t3js-toggle-recordlist" data-table="' . htmlspecialchars($table) . '" data-toggle="collapse" data-target="#recordlist-' . htmlspecialchars($table) . '">' . $icon . '</a>';
}
......@@ -1052,15 +1052,15 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
switch ((string)$fCol) {
case '_PATH_':
// Path
$theData[$fCol] = '<i>[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels._PATH_', true) . ']</i>';
$theData[$fCol] = '<i>[' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels._PATH_')) . ']</i>';
break;
case '_REF_':
// References
$theData[$fCol] = '<i>[' . $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:c__REF_', true) . ']</i>';
$theData[$fCol] = '<i>[' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:c__REF_')) . ']</i>';
break;
case '_LOCALIZATION_':
// Path
$theData[$fCol] = '<i>[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels._LOCALIZATION_', true) . ']</i>';
$theData[$fCol] = '<i>[' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels._LOCALIZATION_')) . ']</i>';
break;
case '_LOCALIZATION_b':
// Path
......@@ -1202,7 +1202,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
// at the end
$sortLabel = BackendUtility::getItemLabel($table, $fCol);
if ($sortLabel !== null) {
$sortLabel = $lang->sL($sortLabel, true);
$sortLabel = htmlspecialchars($lang->sL($sortLabel));
$sortLabel = rtrim(trim($sortLabel), ':');
} else {
// No TCA field, only output the $fCol variable with square brackets []
......@@ -1294,8 +1294,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
$currentPage = floor($this->firstElementNumber / $this->iLimit) + 1;
// Compile first, previous, next, last and refresh buttons
if ($currentPage > 1) {
$labelFirst = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:first', true);
$labelPrevious = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:previous', true);
$labelFirst = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:first'));
$labelPrevious = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:previous'));
$first = '<li><a href="' . $listURL . '&pointer=' . $this->getPointerForPage(1) . '" title="' . $labelFirst . '">'
. $this->iconFactory->getIcon('actions-view-paging-first', Icon::SIZE_SMALL)->render() . '</a></li>';
$previous = '<li><a href="' . $listURL . '&pointer=' . $this->getPointerForPage($currentPage - 1) . '" title="' . $labelPrevious . '">'
......@@ -1305,8 +1305,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
$previous = '<li class="disabled"><span>' . $this->iconFactory->getIcon('actions-view-paging-previous', Icon::SIZE_SMALL)->render() . '</span></li>';
}
if ($currentPage < $totalPages) {
$labelNext = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:next', true);
$labelLast = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:last', true);
$labelNext = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:next'));
$labelLast = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:last'));
$next = '<li><a href="' . $listURL . '&pointer=' . $this->getPointerForPage($currentPage + 1) . '" title="' . $labelNext . '">'
. $this->iconFactory->getIcon('actions-view-paging-next', Icon::SIZE_SMALL)->render() . '</a></li>';
$last = '<li><a href="' . $listURL . '&pointer=' . $this->getPointerForPage($totalPages) . '" title="' . $labelLast . '">'
......@@ -1318,7 +1318,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
$reload = '<li><a href="#" onclick="document.dblistForm.action=' . GeneralUtility::quoteJSvalue($listURL
. '&pointer=') . '+calculatePointer(document.getElementById(' . GeneralUtility::quoteJSvalue('jumpPage-' . $renderPart)
. ').value); document.dblistForm.submit(); return true;" title="'
. $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:reload', true) . '">'
. htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:reload')) . '">'
. $this->iconFactory->getIcon('actions-refresh', Icon::SIZE_SMALL)->render() . '</a></li>';
if ($renderPart === 'top') {
// Add js to traverse a page select input to a pointer value
......@@ -1421,7 +1421,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
'',
($table === 'tt_content' ? '#' . $row['uid'] : '')
)
) . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', true) . '">'
) . '" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage')) . '">'
. $this->iconFactory->getIcon('actions-view', Icon::SIZE_SMALL)->render() . '</a>';
$this->addActionToCellGroup($cells, $viewAction, 'view');
}
......@@ -1721,7 +1721,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
$cells['copy'] = '<a class="btn btn-default" href="#" onclick="'
. htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 1, ($isSel === 'copy'), array('returnUrl' => ''))) . ');')
. '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.copy', true) . '">'
. '" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.copy')) . '">'
. $copyIcon->render() . '</a>';
// Check permission to cut page or content
......@@ -1738,7 +1738,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
if ($permsEdit) {
$cells['cut'] = '<a class="btn btn-default" href="#" onclick="'
. htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 0, ($isSel === 'cut'), array('returnUrl' => ''))) . ');')
. '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut', true) . '">'
. '" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut')) . '">'
. $cutIcon->render() . '</a>';
} else {
$cells['cut'] = $this->spaceIcon;
......@@ -1747,7 +1747,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
if ($table !== 'pages' && $this->calcPerms & Permission::CONTENT_EDIT) {
$cells['cut'] = '<a class="btn btn-default" href="#" onclick="'
. htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->