Commit bbebcf38 authored by Oliver Hader

Fixed bug #11617: XSS in template module

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@7626 709f56b5-9817-0410-a4d7-c38de5d9e867
parent 05a156a0
......@@ -2,6 +2,7 @@
* Fixed bug #13394: Information disclosure in sysext:sys_actions (thanks to Georg Ringer)
* Fixed bug #13042: XSS in index.php (thanks to Georg Ringer)
* Fixed bug #11617: XSS in template module (thanks to Georg Ringer)
2010-04-09 Michael Stucki <michael@typo3.org>
......
......@@ -296,7 +296,7 @@ class SC_mod_web_ts_index extends t3lib_SCbase {
$first = $tmpl->ext_prevPageWithTemplate($this->id,$this->perms_clause);
if ($first) {
$theOutput.=$this->doc->spacer(10);
$theOutput.=$this->doc->section("Go to closest page with template",sprintf("Closest template is on page '%s' (uid %s).<BR><BR>%s<strong>Click here to go.</strong>%s",$first["title"],$first["uid"],'<a href="index.php?id='.$first["uid"].'">','</a>'),0,1);
$theOutput.=$this->doc->section("Go to closest page with template",sprintf("Closest template is on page '%s' (uid %s).<BR><BR>%s<strong>Click here to go.</strong>%s",htmlspecialchars($first["title"]),$first["uid"],'<a href="index.php?id='.$first["uid"].'">','</a>'),0,1);
}
return $theOutput;
}
......@@ -375,7 +375,7 @@ page.10.value = HELLO WORLD!
if (!$rlArr[0]["uid"]) array_shift($rlArr);
$cEl = current($rlArr);
$pArray[$cEl["uid"]]=$cEl["title"];
$pArray[$cEl["uid"]]=htmlspecialchars($cEl["title"]);
array_shift($rlArr);
if (count($rlArr)) {
if (!isset($pArray[$cEl["uid"]."."])) $pArray[$cEl["uid"]."."]=array();
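Review bot: In the hunk at -375, `htmlspecialchars()` is applied when the title is stored in `$pArray[$cEl["uid"]]`, not where it is printed, so every consumer of that array now receives HTML instead of plain text. The code that renders `$pArray` is outside this hunk; if it crops or escapes the title again, entities could be cut in half or double-encoded, so that path should be checked. I would at least add `// title is stored HTML-escaped: output as-is, do not crop or escape again` above the assignment, or move the escaping to the output statement. In the hunk at -296, `$first["uid"]` still reaches the `href` attribute unescaped; `intval($first["uid"])` would keep the attribute safe regardless of how `ext_prevPageWithTemplate()` builds the record.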
......