Commit 25d0398a authored by Oliver Hader's avatar Oliver Hader
Browse files

Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8381 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 304877c6
......@@ -12,6 +12,7 @@
* Fixed bug #12736: XSS in setup module (thanks to Georg Ringer)
* Fixed bug #13989: Mitigate PHP's RNG vulnerability (thanks to Marcus Krause and Helmut Hummel)
* Fixed bug #12739: XSS in shortcuts (thanks to Francois Suter and Georg Ringer)
* Fixed bug #13885: XSS in indexed search BE module (thanks to Benjamin Mack)
2010-05-17 Oliver Hader <oliver@typo3.org>
......
......@@ -433,7 +433,7 @@ class SC_mod_tools_isearch_index {
reset($arr);
$list=array();
while(list($k,$v)=each($arr)) {
$list[]=$k."=".$v;
$list[] = htmlspecialchars($k) . '=' . htmlspecialchars($v);
}
return implode("<BR>",$list);
}
......
......@@ -269,7 +269,7 @@ class tx_indexedsearch_modfunc1 extends t3lib_extobjbase {
$code.= $this->indexed_info(
$data['row'],
$data['HTML'].
$this->showPageDetails(t3lib_div::fixed_lgd_cs($data['row']['title'], 20),$data['row']['uid'])
$this->showPageDetails(t3lib_BEfunc::getRecordTitlePrep($data['row']['title']), $data['row']['uid'])
);
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment