Actions
Bug #19934
closedDB Search output should be sanitised
Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2009-01-29
Due date:
% Done:
0%
Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:
Description
When using the Database search functionality (DB Check -> Full Search -> Advanced), when searching any field that has HTML in it, output is returned unsanitised from the database. I suggest that it should at least be passed through the PHP htmlspecialchars() function, so that it doesn't break the backend display as it currently can do and does.
(issue imported from #M10296)
Actions