Commit dc76155e authored by Oliver Hader

Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-1@8350 709f56b5-9817-0410-a4d7-c38de5d9e867
parent ce670d82
......@@ -6,6 +6,7 @@
* Fixed bug #13961: XSS in impexp (thanks to Georg Ringer)
* Fixed bug #13960: XSS in sys_action (thanks to Georg Ringer)
* Fixed bug #13958: XSS in BE Log (thanks to Georg Ringer)
* Fixed bug #14317: XSS in Extension Manager (thanks to Georg Ringer)
2010-05-17 Oliver Hader <oliver@typo3.org>
......
......@@ -1862,7 +1862,7 @@ EXTENSION KEYS:
$content = '
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td nowrap="nowrap">Extension:&nbsp;<strong>'.$this->extensionTitleIconHeader($extKey,$list[$extKey]).'</strong> ('.$extKey.')</td>
<td nowrap="nowrap">Extension:&nbsp;<strong>'.$this->extensionTitleIconHeader($extKey,$list[$extKey]).'</strong> ('.htmlspecialchars($extKey).')</td>
<td align="right" nowrap="nowrap">'.
t3lib_BEfunc::getFuncMenu(0,'SET[singleDetails]',$this->MOD_SETTINGS['singleDetails'],$this->MOD_MENU['singleDetails'],'','&CMD[showExt]='.$extKey).' &nbsp; &nbsp; '.
'<a href="index.php" class="typo3-goBack"><img'.t3lib_iconWorks::skinImg($this->doc->backPath,'gfx/goback.gif','width="14" height="14"').' class="absmiddle" alt="" /> Go back</a></td>
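Review bot: The unchanged t3lib_BEfunc::getFuncMenu() line in this hunk still concatenates the raw key in '&CMD[showExt]='.$extKey, so the value that is now escaped in the table cell reaches the menu's URL parameters unencoded. Whether getFuncMenu() escapes its additional parameters is not visible here, so it would be safer to pass rawurlencode($extKey) at this call. Better still, validate $extKey once where it is read from the request, so every later use in this function is covered rather than each output being patched separately.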
......@@ -2887,7 +2887,7 @@ EXTENSION KEYS:
if (is_array($imgInfo)) {
$out.= '<img src="'.$GLOBALS['BACK_PATH'].$this->typeRelPaths[$extInfo['type']].$extKey.'/ext_icon.gif" '.$imgInfo[3].' align="'.$align.'" alt="" />';
}
$out.= $extInfo['EM_CONF']['title'] ? htmlspecialchars(t3lib_div::fixed_lgd($extInfo['EM_CONF']['title'],40)) : '<em>'.$extKey.'</em>';
$out.= $extInfo['EM_CONF']['title'] ? htmlspecialchars(t3lib_div::fixed_lgd($extInfo['EM_CONF']['title'],40)) : '<em>'.htmlspecialchars($extKey).'</em>';
return $out;
}
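Review bot: The unchanged <img> line in this hunk still places $extKey raw inside the src attribute ($this->typeRelPaths[$extInfo['type']].$extKey.'/ext_icon.gif'), while only the <em> fallback gains htmlspecialchars(). If the is_array($imgInfo) check is meant to guarantee that the key maps to a real directory, a short comment saying so would help. Otherwise apply htmlspecialchars($extKey) in the attribute value as well, so both outputs of this function treat the key the same way.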
......