Index: typo3/sysext/install/mod/class.tx_install.php =================================================================== --- typo3/sysext/install/mod/class.tx_install.php (Revision 9751) +++ typo3/sysext/install/mod/class.tx_install.php (Arbeitskopie) @@ -624,7 +624,7 @@ $error_missingConnect='
'.$this->fontTag2.' There is no connection to the database!
- (Username: '.TYPO3_db_username.', Password: '.TYPO3_db_password.', Host: '.TYPO3_db_host.').
+ (Username: ' . htmlspecialchars(TYPO3_db_username) . ', Host: ' . htmlspecialchars(TYPO3_db_host) . ').

Go to Step 1 and enter a proper username/password!
@@ -632,7 +632,7 @@ '; $error_missingDB='
'.$this->fontTag2.' - There is no access to the database ('.TYPO3_db.')!
+ There is no access to the database (' . htmlspecialchars(TYPO3_db) . ')!

Go to Step 2 and select an accessible database!
@@ -649,19 +649,19 @@ '.$this->fontTag1.'Username: - '.$this->fontTag1.''.TYPO3_db_username.' + '.$this->fontTag1.'' . htmlspecialchars(TYPO3_db_username) . ' '.$this->fontTag1.'Password: - '.$this->fontTag1.''.TYPO3_db_password.' + '.$this->fontTag1.'' . htmlspecialchars(TYPO3_db_password) . ' '.$this->fontTag1.'Host: - '.$this->fontTag1.''.TYPO3_db_host.' + '.$this->fontTag1.'' . htmlspecialchars(TYPO3_db_host) . ' '.$this->fontTag1.'Database: - '.$this->fontTag1.''.TYPO3_db.' + '.$this->fontTag1.'' . htmlspecialchars(TYPO3_db) . ' '.$this->fontTag1.'# of tables: @@ -693,7 +693,7 @@ '.$this->fontTag2.' -
+
@@ -704,7 +704,7 @@ '.$this->fontTag2.' -
+
@@ -715,7 +715,7 @@ '.$this->fontTag2.' -
+
@@ -2047,9 +2047,9 @@ ",2); } else { $cInfo=' - Username: '.TYPO3_db_username.' - Password: '.TYPO3_db_password.' - Host: '.TYPO3_db_host.' + Username: ' . htmlspecialchars(TYPO3_db_username) . ' + Password: ' . htmlspecialchars(TYPO3_db_password) . ' + Host: ' . htmlspecialchars(TYPO3_db_host) . ' '; if (!TYPO3_db_host || !TYPO3_db_username) { $this->message($ext, 'Username, password or host not set'," @@ -2072,13 +2072,13 @@ $this->config_array['no_database']=1; } elseif (!$GLOBALS['TYPO3_DB']->sql_select_db(TYPO3_db)) { $this->message($ext, 'Database'," - '".TYPO3_db."' could not be selected as database! + '" . htmlspecialchars(TYPO3_db) . "' could not be selected as database! Please select another one or create a new database. ",3,1); $this->config_array['no_database']=1; } else { $this->message($ext, 'Database'," - ".TYPO3_db." is selected as database. + " . htmlspecialchars(TYPO3_db) . " is selected as database. ",1,1); } } else { @@ -2747,19 +2747,19 @@ $im_path_lzw = $GLOBALS['TYPO3_CONF_VARS']['GFX']['im_path_lzw']; $im_path_lzw_version = $this->config_array['im_versions'][$im_path_lzw]['convert']; $msg = ' - ImageMagick enabled: '.$GLOBALS['TYPO3_CONF_VARS']['GFX']['im'].' - ImageMagick path: '.$im_path.' ('.$im_path_version.') - ImageMagick path/LZW: '.$im_path_lzw.' ('.$im_path_lzw_version.') - Version 5/GraphicsMagick flag: '.$GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'].' - - GDLib enabled: '.$GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib'].' - GDLib using PNG: '.$GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png'].' - GDLib 2 enabled: '.$GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_2'].' - IM5 effects enabled: '.$GLOBALS['TYPO3_CONF_VARS']['GFX']['im_v5effects'].' (Blurring/Sharpening with IM 5+) - Freetype DPI: '.$GLOBALS['TYPO3_CONF_VARS']['GFX']['TTFdpi'].' (Should be 96 for Freetype 2) - Mask invert: '.$GLOBALS['TYPO3_CONF_VARS']['GFX']['im_imvMaskState'].' (Should be set for some IM versions approx. 5.4+) + ImageMagick enabled: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im']) . ' + ImageMagick path: ' . htmlspecialchars($im_path) . ' (' . htmlspecialchars($im_path_version) . ') + ImageMagick path/LZW: ' . htmlspecialchars($im_path_lzw) . ' (' . htmlspecialchars($im_path_lzw_version) . ') + Version 5/GraphicsMagick flag: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5']) . ' + + GDLib enabled: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib']) . ' + GDLib using PNG: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_png']) . ' + GDLib 2 enabled: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['gdlib_2']) . ' + IM5 effects enabled: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_v5effects']) . ' (Blurring/Sharpening with IM 5+) + Freetype DPI: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['TTFdpi']) . ' (Should be 96 for Freetype 2) + Mask invert: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_imvMaskState']) . ' (Should be set for some IM versions approx. 5.4+) - File Formats: '.$GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'].' + File Formats: ' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext']) . ' '; // Various checks to detect IM/GM version mismatches @@ -2778,8 +2778,8 @@ if ($mismatch) { $msg.= 'Warning: Mismatch between the version of ImageMagick'. - ' ('.$im_path_version.') and the configuration of '. - '[GFX][im_version_5] ('.$GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5'].')'; + ' (' . htmlspecialchars($im_path_version) . ') and the configuration of '. + '[GFX][im_version_5] (' . htmlspecialchars($GLOBALS['TYPO3_CONF_VARS']['GFX']['im_version_5']) . ')'; $etype=2; } else $etype=1; @@ -3406,9 +3406,9 @@ ",0); $cInfo=' - Username: '.TYPO3_db_username.' - Password: '.TYPO3_db_password.' - Host: '.TYPO3_db_host.' + Username: ' . htmlspecialchars(TYPO3_db_username) . ' + Password: ' . htmlspecialchars(TYPO3_db_password) . ' + Host: ' . htmlspecialchars(TYPO3_db_host) . ' '; $this->message($headCode, 'Connected to SQL database successfully'," ".trim($cInfo)." Index: typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php =================================================================== --- typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php (Revision 9751) +++ typo3/sysext/install/updates/class.tx_coreupdates_compatversion.php (Arbeitskopie) @@ -66,7 +66,7 @@ The compatibility version has been set to the current TYPO3 version. This is a stamp and has no impact for your installation.'; } } else { - $description = 'Your current TYPO3 installation is configured to behave like version '.$TYPO3_CONF_VARS['SYS']['compat_version'].' of TYPO3. If you just upgraded from this version, you most likely want to use new features as well.

In the next step, you will see the things that need to be adjusted to make your installation compatible with the new features.'; + $description = 'Your current TYPO3 installation is configured to behave like version ' . htmlspecialchars($TYPO3_CONF_VARS['SYS']['compat_version']) . ' of TYPO3. If you just upgraded from this version, you most likely want to use new features as well.

In the next step, you will see the things that need to be adjusted to make your installation compatible with the new features.'; } return 1; // Return 1 in any case so user has possibility to switch back to a previous compat_version. @@ -92,7 +92,7 @@ } $content .= ''; } else { - $content = 'TYPO3 output is currently compatible to version '.$TYPO3_CONF_VARS['SYS']['compat_version'].'. To use all the new features in the current TYPO3 version, make sure you follow the guidelines below to upgrade without problems.
+ $content = 'TYPO3 output is currently compatible to version ' . htmlspecialchars($TYPO3_CONF_VARS['SYS']['compat_version']) . '. To use all the new features in the current TYPO3 version, make sure you follow the guidelines below to upgrade without problems.

Follow the steps below carefully and confirm every step!
You will see this list again after you performed the update.

'; $content .= $this->showChangesNeeded($inputPrefix);