CoreCommunity ExtensionsIncubatorDistributionsTYPO3 4.5 ProjectsTYPO3 4.6 ProjectsTYPO3 4.7 ProjectsTYPO3 6.0 ProjectsTYPO3 6.1 ProjectsTYPO3 6.2 Projects (+)

Bug #39282

Prevent executable code within the shown result title and content

Added by Stefan Galinski 10 months ago. Updated 7 months ago.

Status:New Start date:2012-07-26
Priority:Should have Due date:
Assignee:- % Done:

0%
Category:-
Target version:next (placeholder)
TYPO3 Version:4.5 Has patch:Yes
PHP Version: Tags:
Votes: 0

Description

Currently the title and content variables are not secured by calling e.g. htmlspecialchars on their data before outputting them on the page. If you are using external input sources for Solr like Nutch to index other sites, it can happen that the indexed content contains pieces of html code. Sometimes this results in a "broken" search results page. The attached patch contains a workaround for this problem.

solr_resultEncoding.patch (1.1 kB) Stefan Galinski, 2012-07-26 10:48

History

#1
Updated by Ingo Renner 10 months ago

  • Target version set to 2.8

#2
Updated by Ingo Renner 7 months ago

  • TYPO3 Version set to 4.5
  • Has patch set to Yes

#3
Updated by Ingo Renner 7 months ago

  • Target version changed from 2.8 to next (placeholder)

Also available in: Atom PDF