Bug #19934

closed

DB Search output should be sanitised

Added by Carey Dessaix over 15 years ago. Updated almost 14 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2009-01-29
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 4.2
PHP Version: 5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When using the Database search functionality (DB Check -> Full Search -> Advanced), when searching any field that has HTML in it, output is returned unsanitised from the database. I suggest that it should at least be passed through the PHP htmlspecialchars() function, so that it doesn't break the backend display as it currently can do and does.

(issue imported from #M10296)
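The following is an added illustration of the escaping the report asks for; it is not TYPO3 code and does not reproduce the DB Check module. It renders a result cell from a field value both the way the ticket describes (raw) and through htmlspecialchars(), using constructed sample rows in place of real database output. The function names, the sample rows and the use of PHP 7 scalar type hints are assumptions; the ENT_QUOTES flag and charset argument exist in PHP 5.2 as well.

```php
<?php
// Illustration only (not TYPO3 code): rendering backend search result cells
// from raw database content, before and after output escaping.

// Constructed sample rows, standing in for what a full search over a field
// that stores HTML might return. The second row carries markup that would
// otherwise be injected unchanged into the backend table.
const SAMPLE_ROWS = [
    ['uid' => 1, 'bodytext' => 'plain text, no markup'],
    ['uid' => 2, 'bodytext' => '<b class="x">unclosed tag & "quotes"'],
];

/**
 * The behaviour reported in the ticket: the field value is placed into the
 * cell as-is, so any tags in the data become part of the backend page.
 */
function renderCellUnescaped(string $value): string
{
    return '<td>' . $value . '</td>';
}

/**
 * Escape a database value for inclusion in backend HTML.
 * ENT_QUOTES escapes both single and double quotes, so the result is also
 * safe inside attribute values; the explicit charset avoids depending on
 * the default_charset ini setting.
 */
function escapeForBackend(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function renderCellEscaped(string $value): string
{
    return '<td>' . escapeForBackend($value) . '</td>';
}

/**
 * Render a whole result table; $escape selects the raw or the hardened path.
 */
function renderResultTable(array $rows, bool $escape): string
{
    $html = "<table>\n";
    foreach ($rows as $row) {
        $cell = $escape
            ? renderCellEscaped($row['bodytext'])
            : renderCellUnescaped($row['bodytext']);
        $html .= '<tr><td>' . (int) $row['uid'] . '</td>' . $cell . "</tr>\n";
    }
    return $html . "</table>\n";
}

/**
 * Check that escaped output contains no raw tag or quote characters coming
 * from the data. Returns true when every cell is safe.
 */
function escapedOutputIsClean(array $rows): bool
{
    foreach ($rows as $row) {
        $escaped = escapeForBackend($row['bodytext']);
        if (preg_match('/[<>"\']/', $escaped) === 1) {
            return false;
        }
    }
    return true;
}

if (PHP_SAPI === 'cli') {
    echo "--- raw (as reported) ---\n";
    echo renderResultTable(SAMPLE_ROWS, false);
    echo "--- escaped ---\n";
    echo renderResultTable(SAMPLE_ROWS, true);
    echo 'escaped output clean: ' . (escapedOutputIsClean(SAMPLE_ROWS) ? 'yes' : 'no') . "\n";
}
```

Run it with `php` from the command line to see both renderings side by side: in the raw table the second row's `<b>` opens a tag that the rest of the backend page never closes, while in the escaped table it shows up as the literal text `&lt;b class=&quot;x&quot;&gt;...`. The check function is the kind of assertion worth keeping in a test around the search module once the fix is in place.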

Actions #1

Updated by Marcus Krause over 15 years ago

Setting view status to private - might be a vulnerability in regards to security.

To be evaluated ...

TYPO3 Security Team

Actions #2

Updated by Marcus Krause over 15 years ago

confirmed
