Index: typo3/sysext/install/mod/class.tx_install.php
===================================================================
--- typo3/sysext/install/mod/class.tx_install.php (Revision 8202)
+++ typo3/sysext/install/mod/class.tx_install.php (Arbeitskopie)
@@ -908,8 +908,8 @@
There is no connection to the database!
- (Username: ' . TYPO3_db_username . ',
- Host: ' . TYPO3_db_host . ',
+ (Username: ' . htmlspecialchars(TYPO3_db_username) . ',
+ Host: ' . htmlspecialchars(TYPO3_db_host) . ',
Using Password: YES)
Go to Step 1 and enter a valid username and password!
@@ -918,7 +918,7 @@
$error_missingDB = '
- There is no access to the database (' . TYPO3_db . ')!
+ There is no access to the database (' . htmlspecialchars(TYPO3_db) . ')!
Go to Step 2 and select a valid database!
@@ -994,11 +994,11 @@
'encryptionKey' => $this->createEncryptionKey(),
'branch' => TYPO3_branch,
'labelUsername' => 'Username',
- 'username' => TYPO3_db_username,
+ 'username' => htmlspecialchars(TYPO3_db_username),
'labelPassword' => 'Password',
- 'password' => TYPO3_db_password,
+ 'password' => htmlspecialchars(TYPO3_db_password),
'labelHost' => 'Host',
- 'host' => TYPO3_db_host ? TYPO3_db_host : 'localhost',
+ 'host' => TYPO3_db_host ? htmlspecialchars(TYPO3_db_host) : 'localhost',
'continue' => 'Continue',
'llDescription' => 'If you have not already created a username and password to access the database, please do so now. This can be done using tools provided by your host.'
);
@@ -1145,11 +1145,11 @@
$step4SubPartMarkers = array(
'llSummary' => 'Database summary:',
'llUsername' => 'Username:',
- 'username' => TYPO3_db_username,
+ 'username' => htmlspecialchars(TYPO3_db_username),
'llHost' => 'Host:',
- 'host' => TYPO3_db_host,
+ 'host' => htmlspecialchars(TYPO3_db_host),
'llDatabase' => 'Database:',
- 'database' => TYPO3_db,
+ 'database' => htmlspecialchars(TYPO3_db),
'llNumberTables' => 'Number of tables:',
'numberTables' => count($whichTables),
'action' => htmlspecialchars($this->action),
@@ -3114,9 +3114,9 @@
You may need to enter data for these values:
- Username: ' . TYPO3_db_username . '
+ Username: ' . htmlspecialchars(TYPO3_db_username) . '
- Host: ' . TYPO3_db_host . '
+ Host: ' . htmlspecialchars(TYPO3_db_host) . '
Use the form below.
@@ -3130,13 +3130,13 @@
Username:
- ' . TYPO3_db_username . '
+ ' . htmlspecialchars(TYPO3_db_username) . '
Host:
- ' . TYPO3_db_host . '
+ ' . htmlspecialchars(TYPO3_db_host) . '
', -1, 1);
@@ -3153,7 +3153,7 @@
} elseif (!$GLOBALS['TYPO3_DB']->sql_select_db(TYPO3_db)) {
$this->message($ext, 'Database', '
- \''.TYPO3_db.'\' could not be selected as database!
+ \'' . htmlspecialchars(TYPO3_db) . '\' could not be selected as database!
Please select another one or create a new database.
@@ -3162,7 +3162,7 @@
} else {
$this->message($ext, 'Database', '
- ' . TYPO3_db . ' is selected as
+ ' . htmlspecialchars(TYPO3_db) . ' is selected as
database.
', 1, 1);
@@ -3181,9 +3181,9 @@
Connecting to SQL database failed with these settings:
- Username: ' . TYPO3_db_username . '
+ Username: ' . htmlspecialchars(TYPO3_db_username) . '
- Host: ' . TYPO3_db_host . '
+ Host: ' . htmlspecialchars(TYPO3_db_host) . '
Make sure you\'re using the correct set of data.
@@ -4398,25 +4398,25 @@
ImageMagick enabled:
- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['im'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im']) . '
ImageMagick path:
- ' . $im_path . ' (' . $im_path_version . ')
+ ' . htmlspecialchars($im_path . ' (' . htmlspecialchars($im_path_version) . ')
ImageMagick path/LZW:
- ' . $im_path_lzw . ' (' . $im_path_lzw_version . ')
+ ' . htmlspecialchars($im_path_lzw . ' (' . htmlspecialchars($im_path_lzw_version) . ')
Version 5/GraphicsMagick flag:
- ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'] ? $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'] : ' ') . '
+ ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'] ? htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5']) : ' ') . '
@@ -4424,33 +4424,33 @@
GDLib enabled:
-
- ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib'] ? $GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib'] : ' ') . '
+ ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib'] ? htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib']) : ' ') . '
-
GDLib using PNG:
-
- ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png'] ? $GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png'] : ' ') . '
+ ' . ($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png'] ? htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png']) : ' ') . '
-
IM5 effects enabled:
-
- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_v5effects'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_v5effects']) . '
(Blurring/Sharpening with IM 5+)
-
Freetype DPI:
-
- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['TTFdpi'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['TTFdpi']) . '
(Should be 96 for Freetype 2)
-
Mask invert:
-
- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_imvMaskState'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_imvMaskState']) . '
(Should be set for some IM versions approx. 5.4+)
@@ -4459,7 +4459,7 @@
File Formats:
- ' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'] . '
+ ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext']) . '
';
@@ -4482,8 +4482,8 @@
$msg .= '
Warning: Mismatch between the version of ImageMagick' .
- ' (' . $im_path_version.') and the configuration of ' .
- '[GFX][im_version_5] (' . $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'] . ')
+ ' (' . htmlspecialchars($im_path_version) . ') and the configuration of ' .
+ '[GFX][im_version_5] (' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5']) . ')
';
$etype=2;
@@ -5417,20 +5417,20 @@
Username:
- ' . TYPO3_db_username . '
+ ' . htmlspecialchars(TYPO3_db_username) . '
Host:
- ' . TYPO3_db_host . '
+ ' . htmlspecialchars(TYPO3_db_host) . '
', -1, 1);
$this->message($headCode, 'Database', '
- ' . TYPO3_db . ' is selected as database.
+ ' . htmlspecialchars(TYPO3_db) . ' is selected as database.
Has ' . count($whichTables) . ' tables.
Index: typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php
===================================================================
--- typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php (Revision 8202)
+++ typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php (Arbeitskopie)
@@ -98,7 +98,7 @@
Your current TYPO3 installation is configured to
behave like version
- ' . $TYPO3_CONF_VARS['SYS']['compat_version'] . '
+ ' . htmlspecialchars($TYPO3_CONF_VARS['SYS']['compat_version']) . '
of TYPO3. If you just upgraded from this version,
you most likely want to use new features as
well.
@@ -153,7 +153,7 @@
} else {
$content = '
- TYPO3 output is currently compatible to version ' . $TYPO3_CONF_VARS['SYS']['compat_version'] . '.
+ TYPO3 output is currently compatible to version ' . htmlspecialchars($TYPO3_CONF_VARS['SYS']['compat_version']) . '.
To use all the new features in the current TYPO3 version,
make sure you follow the guidelines below to upgrade without
problems.