Bug #23264: class.tslib_content.php returns unfiltered data - TYPO3 Core - TYPO3 Forge

Actions

Copy link

Bug #23264

closed

class.tslib_content.php returns unfiltered data

Added by Roland Schenke over 14 years ago. Updated about 11 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Target version:

Start date:

2010-07-25

Due date:

% Done:

Estimated time:

TYPO3 Version:

4.4

PHP Version:

5.3

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

In function class.tslib_content.php::MULTIMEDIA one has the ability to specify height and width parameters for such objects via Typoscript.
In Lines 2632, 2633 and 2639, 2640 these values are assigned unfiltered to html attributes which are part of the <embed> tag that is used to embed the defined Object like Movies, Flash Applications or JAVA Class Files.

try some Typoscript like this

Default PAGE object:
page = PAGE
page.10 = MULTIMEDIA
page.10.file = fileadmin/sample1.mpg
page.10.width = 640" style="border: 3px dotted red;
page.10.height = 480

apply intval() as integer seems to be the desired datatype
(issue imported from #M15227)

Files

15227.diff (1.38 KB) 15227.diff

Administrator Admin, 2010-07-25 16:55

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

TYPO3 Core

Custom queries

Bug #23264

class.tslib_content.php returns unfiltered data

Updated by Alexander Opitz about 11 years ago

Updated by Roland Schenke about 11 years ago

Updated by Alexander Opitz about 11 years ago