Bug #56296 ยป xss-scheduler.diff
| typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php | ||
|---|---|---|
|
// On editing, don't allow changing of the task class, unless it was not valid
|
||
|
if ($this->submittedData['uid'] > 0 && !empty($taskInfo['class'])) {
|
||
|
$cell = $registeredClasses[$taskInfo['class']]['title'] . ' (' . $registeredClasses[$taskInfo['class']]['extension'] . ')';
|
||
|
$cell .= '<input type="hidden" name="tx_scheduler[class]" id="task_class" value="' . $taskInfo['class'] . '" />';
|
||
|
$cell .= '<input type="hidden" name="tx_scheduler[class]" id="task_class" value="' . htmlspecialchars($taskInfo['class']) . '" />';
|
||
|
} else {
|
||
|
$cell = '<select name="tx_scheduler[class]" id="task_class" class="wide" onchange="actOnChangedTaskClass(this)">';
|
||
|
// Group registered classes by classname
|
||
| ... | ... | |
|
$cell .= '<optgroup label="' . htmlspecialchars($extension) . '">';
|
||
|
foreach ($groupedClasses[$extension] as $class => $classInfo) {
|
||
|
$selected = $class == $taskInfo['class'] ? ' selected="selected"' : '';
|
||
|
$cell .= '<option value="' . $class . '"' . 'title="' . htmlspecialchars($classInfo['description']) . '"' . $selected . '>' . htmlspecialchars($classInfo['title']) . '</option>';
|
||
|
$cell .= '<option value="' . htmlspecialchars($class) . '"' . 'title="' . htmlspecialchars($classInfo['description']) . '"' . $selected . '>' . htmlspecialchars($classInfo['title']) . '</option>';
|
||
|
}
|
||
|
$cell .= '</optgroup>';
|
||
|
}
|
||