Commit b5c8e1e0 authored by Oliver Hader's avatar Oliver Hader
Browse files

Fixed bug #12736: XSS in setup module (thanks to Georg Ringer)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8369 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 199cc2d5
......@@ -9,6 +9,7 @@
* Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
* Fixed bug #14215: XSS in beuser (thanks to Georg Ringer)
* Fixed bug #12458: Session fixation possibility in new sesion machanism of the install tool (thanks to Benjamin Mack, Helmut Hummel and Ernesto Baschny)
* Fixed bug #12736: XSS in setup module (thanks to Georg Ringer)
2010-05-17 Oliver Hader <oliver@typo3.org>
......
......@@ -385,7 +385,7 @@ class SC_mod_user_setup_index {
$code[1][2] = '<input type="text" name="ext_beuser[realName]" value="'.htmlspecialchars($BE_USER->user['realName']).'"'.$GLOBALS['TBE_TEMPLATE']->formWidth(20).' />';
$code[2][1] = $this->setLabel('beUser_email');
$code[2][2] = '<input type="text" name="ext_beuser[email]" value="'.htmlspecialchars($BE_USER->user['email']).'"'.$GLOBALS['TBE_TEMPLATE']->formWidth(20).' />';
$code[3][1] = $this->setLabel('emailMeAtLogin').' ('.$GLOBALS['BE_USER']->user['email'].')';
$code[3][1] = $this->setLabel('emailMeAtLogin').' ('.htmlspecialchars($GLOBALS['BE_USER']->user['email']).')';
$code[3][2] = '<input type="checkbox" name="data[emailMeAtLogin]"'.($BE_USER->uc['emailMeAtLogin']?' checked="checked"':'').' />';
$code[4][1] = $this->setLabel('newPassword');
$code[4][2] = '<input type="password" name="ext_beuser[password1]" value=""'.$GLOBALS['TBE_TEMPLATE']->formWidth(20).' onchange="this.value=this.value?MD5(this.value):\'\';" />';
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment