Commit ce670d82 authored by Oliver Hader

Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8345 709f56b5-9817-0410-a4d7-c38de5d9e867
parent e52622df
......@@ -5,6 +5,7 @@
* Fixed bug #11618: XSS vulnerability in install tool / BE login (thanks to Georg Ringer)
* Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
* Fixed bug #13960: XSS in sys_action (thanks to Georg Ringer)
* Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
2010-05-17 Oliver Hader <oliver@typo3.org>
......
......@@ -200,6 +200,7 @@ class t3lib_BEDisplayLog {
$text = str_replace('%s','',$text);
}
}
$text = htmlspecialchars($text);
// Finding the history for the record
$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,fieldlist', 'sys_history', 'sys_log_uid='.intval($sys_log_uid));
......
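Review bot: The added `$text = htmlspecialchars($text);` carries no comment stating that `$text` is HTML-encoded from this line onward, and it sits directly above the history lookup, so a later change could easily append unescaped record data below it or encode the string a second time. Please add a one-line comment marking the encoding boundary and confirm that nothing substituted into `$text` in the block above is already encoded, otherwise entities will show up double-encoded in the log view. The call also uses the default flags, which encode double quotes but leave single quotes as they are; that is enough for element content, but if `$text` can end up inside a single-quoted attribute, pass `ENT_QUOTES` explicitly.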