Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8381 709f56b5-9817-0410-a4d7-c38de5d9e867

Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8381 709f56b5-9817-0410-a4d7-c38de5d9e867
25d0398a · Oliver Hader · 304877c6 · 25d0398a · 25d0398a · 25d0398a
Commit 25d0398a authored Jul 28, 2010 by Oliver Hader
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,7 @@
 	* Fixed bug #12736: XSS in setup module (thanks to Georg Ringer)
 	* Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)
 	* Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer)
+	* Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)

 2010-05-17  Oliver Hader  <oliver@typo3.org>


--- a/typo3/sysext/indexed_search/mod/index.php
+++ b/typo3/sysext/indexed_search/mod/index.php
@@ -433,7 +433,7 @@ class SC_mod_tools_isearch_index {
 		reset($arr);
 		$list=array();
 		while(list($k,$v)=each($arr))	{
-			$list[]=$k."=".$v;
+			$list[] = htmlspecialchars($k) . '=' . htmlspecialchars($v);
 		}
 		return implode("<BR>",$list);
 	}

--- a/typo3/sysext/indexed_search/modfunc1/class.tx_indexedsearch_modfunc1.php
+++ b/typo3/sysext/indexed_search/modfunc1/class.tx_indexedsearch_modfunc1.php
@@ -269,7 +269,7 @@ class tx_indexedsearch_modfunc1 extends t3lib_extobjbase {
 			$code.= $this->indexed_info(
 						$data['row'],
 						$data['HTML'].
-							$this->showPageDetails(t3lib_div::fixed_lgd_cs($data['row']['title'], 20),$data['row']['uid'])
+							$this->showPageDetails(t3lib_BEfunc::getRecordTitlePrep($data['row']['title']), $data['row']['uid'])
 					);
 		}