Commit c388b117 authored by Oliver Hader's avatar Oliver Hader

Fixed bug #14978: XSS in file tree (thanks to Georg Ringer)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8314 709f56b5-9817-0410-a4d7-c38de5d9e867
parent aada3943
2010-07-28 Oliver Hader <oliver@typo3.org>
* Fixed bug #14978: XSS in file tree (thanks to Georg Ringer)
2010-05-17 Oliver Hader <oliver@typo3.org>
* Fixed bug #13394: Information disclosure in sysext:sys_actions (thanks to Georg Ringer)
......
......@@ -435,6 +435,8 @@ class TBE_PageTree extends localPageTree {
* @return string Wrapping title string.
*/
function wrapTitle($title,$v,$ext_pArrPages) {
$title = htmlspecialchars($title);
if ($ext_pArrPages) {
$ficon=t3lib_iconWorks::getIcon('pages',$v);
$onClick = "return insertElement('pages', '".$v['uid']."', 'db', ".t3lib_div::quoteJSvalue($v['title']).", '', '', '".$ficon."','',1);";
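Review bot: The added `htmlspecialchars($title)` covers the link text, but in the `$onClick` string on the last visible line `$v['uid']` is still concatenated raw into a single-quoted JS literal while `$v['title']` goes through `t3lib_div::quoteJSvalue()`; if uid is ever not a plain integer it ends up unescaped in the JS string. A one-token fix makes the expectation explicit: `'".intval($v['uid'])."'`. Whether the finished `$onClick` is later passed through `htmlspecialchars()` before landing in the onclick attribute cannot be seen here, because wrapTitle continues past the end of this hunk.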
......@@ -482,6 +484,8 @@ class localFolderTree extends t3lib_folderTree {
* @return string Wrapping title string.
*/
function wrapTitle($title,$v) {
$title = htmlspecialchars($title);
if ($this->ext_isLinkable($v)) {
$aOnClick = 'return jumpToUrl(\''.$this->thisScript.'?act='.$GLOBALS['SOBE']->browser->act.'&mode='.$GLOBALS['SOBE']->browser->mode.'&expandFolder='.rawurlencode($v['path']).'\');';
return '<a href="#" onclick="'.htmlspecialchars($aOnClick).'">'.$title.'</a>';
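Review bot: In `$aOnClick` only `$v['path']` is passed through `rawurlencode()`; `$GLOBALS['SOBE']->browser->act` and `->mode` are concatenated into the single-quoted JS URL literal as-is, and `htmlspecialchars()` on the attribute leaves single quotes alone under its default ENT_COMPAT flag, so these values (presumably request-derived, confirm in the browser class) should be encoded the same way, e.g. `'?act='.rawurlencode($GLOBALS['SOBE']->browser->act).'&mode='.rawurlencode($GLOBALS['SOBE']->browser->mode)`. The same applies to the identical TBE_FolderTree hunk, to the tx_rtehtmlarea_folderTree hunk where editorNo, contentTypo3Language and contentTypo3Charset are interpolated too, and to the editorNo in the tx_rtehtmlarea_image_folderTree hunk. TBE_FolderTree extends localFolderTree yet, as far as visible, re-implements wrapTitle line for line, so the escaping fix had to be applied twice where dropping the override would have done. wrapTitle continues past the end of this hunk.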
......@@ -634,6 +638,8 @@ class TBE_FolderTree extends localFolderTree {
* @return string Wrapping title string.
*/
function wrapTitle($title,$v) {
$title = htmlspecialchars($title);
if ($this->ext_isLinkable($v)) {
$aOnClick = 'return jumpToUrl(\''.$this->thisScript.'?act='.$GLOBALS['SOBE']->browser->act.'&mode='.$GLOBALS['SOBE']->browser->mode.'&expandFolder='.rawurlencode($v['path']).'\');';
return '<a href="#" onclick="'.htmlspecialchars($aOnClick).'">'.$title.'</a>';
......
......@@ -120,6 +120,8 @@ class tx_rtehtmlarea_folderTree extends rteFolderTree {
* @return string Wrapping title string.
*/
function wrapTitle($title,$v) {
$title = htmlspecialchars($title);
if ($this->ext_isLinkable($v)) {
$aOnClick = 'return jumpToUrl(\''.$this->thisScript.'?act='.$GLOBALS['SOBE']->browser->act.'&editorNo='.$GLOBALS['SOBE']->browser->editorNo.'&contentTypo3Language='.$GLOBALS['SOBE']->browser->contentTypo3Language.'&contentTypo3Charset='.$GLOBALS['SOBE']->browser->contentTypo3Charset.'&mode='.$GLOBALS['SOBE']->browser->mode.'&expandFolder='.rawurlencode($v['path']).'\');';
return '<a href="#" onclick="'.htmlspecialchars($aOnClick).'">'.$title.'</a>';
......
......@@ -56,6 +56,8 @@ class tx_rtehtmlarea_image_folderTree extends t3lib_folderTree {
* @return string Wrapping title string.
*/
function wrapTitle($title,$v) {
$title = htmlspecialchars($title);
if ($this->ext_isLinkable($v)) {
$aOnClick = 'return jumpToUrl(\'?editorNo='.$GLOBALS['SOBE']->browser->editorNo.'&expandFolder='.rawurlencode($v['path']).'\');';
return '<a href="#" onclick="'.htmlspecialchars($aOnClick).'">'.$title.'</a>';
......