Project

General

Profile

Actions

Bug #19934

closed

DB Search output should be sanitised

Added by Carey Dessaix almost 16 years ago. Updated over 14 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2009-01-29
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
5.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

When using the Database search functionality (DB Check -> Full Search -> Advanced), when searching any field that has HTML in it, output is returned unsanitised from the database. I suggest that it should at least be passed through the PHP htmlspecialchars() function, so that it doesn't break the backend display as it currently can do and does.

(issue imported from #M10296)

Actions

Also available in: Atom PDF