Commit 1ea9de7f authored by Oliver Hader's avatar Oliver Hader
Browse files

Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8359 709f56b5-9817-0410-a4d7-c38de5d9e867
parent dc76155e
......@@ -7,6 +7,7 @@
* Fixed bug #13960: XSS in sys_action (thanks to Georg Ringer)
* Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
* Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
* Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
2010-05-17 Oliver Hader <oliver@typo3.org>
......
......@@ -802,7 +802,11 @@ class t3lib_BEfunc {
// Traverse languages
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,title,flag','sys_language','pid=0'.t3lib_BEfunc::deleteClause('sys_language'));
while($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
$sysLanguages[] = array($row['title'].' ['.$row['uid'].']', $row['uid'], ($row['flag'] ? 'flags/'.$row['flag'] : ''));
$sysLanguages[] = array(
htmlspecialchars($row['title']) . ' [' . $row['uid'] . ']',
$row['uid'],
($row['flag'] ? 'flags/' . $row['flag'] : '')
);
}
return $sysLanguages;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment