Commit aada3943 authored by Oliver Hader's avatar Oliver Hader
Browse files

Fixed bug #12630: XSS in filelist module

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@7634 709f56b5-9817-0410-a4d7-c38de5d9e867
parent c3000200
......@@ -9,6 +9,7 @@
* Fixed bug #12628: XSS in sysext sys_action (thanks to Georg Ringer)
* Fixed bug #12634: XSS in the access module (thanks to Georg Ringer)
* Fixed bug #13558: XSS in t3lib_querygenerator (thanks to Georg Ringer)
* Fixed bug #12630: XSS in filelist module
2010-04-09 Michael Stucki <michael@typo3.org>
......
......@@ -170,7 +170,7 @@ class fileList extends t3lib_recordList {
$theIcon = '<img'.t3lib_iconWorks::skinImg($this->backPath,$icon,'width="18" height="16"').' title="'.htmlspecialchars($theFile['file']).'" alt="" />';
if ($this->clickMenus) $theIcon = $GLOBALS['SOBE']->doc->wrapClickMenuOnIcon($theIcon,$path);
$theData[$titleCol].='<br />'.t3lib_div::fixed_lgd_cs($title,-($this->fixedL+20)); // No HTML specialchars here - HTML like <b> </b> is allowed
$theData[$titleCol].='<br />'.htmlspecialchars(t3lib_div::fixed_lgd_cs($title,-($this->fixedL+20)));
$theData['up'].=$this->linkWrapDir('<img'.t3lib_iconWorks::skinImg($this->backPath,'gfx/i/folder_up.gif','width="18" height="16"').' title="'.$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:labels.upOneLevel',1).'" alt="" />',$theFile['path']);
} else {
// root:0
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment