Task #69062
Closed
Properly escape all form attributes in SetupModuleController
100%
Description
Some form tag attributes are directly fetched from configuration without being escaped by htmlspecialchars().
For instance:
    $class = $config['class'];
    if ($type !== 'check') {
        $class .= ' form-control';
    }
    $style = $config['style'];
    if ($class) {
        $more .= ' class="' . $class . '"';
    }
    ...
    $html = '<input id="field_' . $fieldName . '" type="' . $type . '" name="data' . $dataAdd . '[' . $fieldName . ']" ' . $noAutocomplete . 'value="' . htmlspecialchars($value) . '" ' . $more . ' />';
We need to make sure all added attributes are properly escaped.
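Added example (not TYPO3 code and not the patch from this issue): the pattern from the description next to a variant that passes every attribute value through htmlspecialchars() in one place. The function names and the sample configuration are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not TYPO3 code. All function names here are hypothetical.

/** Mirrors the snippet in the description: only the value attribute is escaped. */
function renderInputUnescaped(array $config, string $fieldName, string $type, string $value): string
{
    $more = '';
    $class = $config['class'] ?? '';
    if ($type !== 'check') {
        $class .= ' form-control';
    }
    if ($class) {
        $more .= ' class="' . $class . '"'; // configuration value lands in the tag as-is
    }
    return '<input id="field_' . $fieldName . '" type="' . $type . '" name="data[' . $fieldName . ']"'
        . ' value="' . htmlspecialchars($value) . '"' . $more . ' />';
}

/** Same tag, but every attribute value is escaped at the single point of output. */
function renderInputEscaped(array $config, string $fieldName, string $type, string $value): string
{
    $class = trim(($config['class'] ?? '') . ($type !== 'check' ? ' form-control' : ''));
    $attributes = [
        'id' => 'field_' . $fieldName,
        'type' => $type,
        'name' => 'data[' . $fieldName . ']',
        'value' => $value,
        'class' => $class,
        'style' => $config['style'] ?? '',
    ];
    $html = '<input';
    foreach ($attributes as $name => $attrValue) {
        if ($attrValue === '') {
            continue; // omit empty attributes
        }
        // ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid UTF-8
        $html .= ' ' . $name . '="' . htmlspecialchars((string)$attrValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"';
    }
    return $html . ' />';
}

// Constructed configuration: the class value contains a double quote.
$config = ['class' => 'wide" data-injected="1', 'style' => 'width:10em'];

echo renderInputUnescaped($config, 'email', 'text', 'a@example.org'), PHP_EOL;
echo renderInputEscaped($config, 'email', 'text', 'a@example.org'), PHP_EOL;
```

In the first line of output the quote in the class value ends the attribute, so data-injected is parsed as a separate attribute; in the second it stays inside class as &quot;.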
Updated by Gerrit Code Review over 9 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42643
Updated by Gerrit Code Review about 9 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42643
Updated by Gerrit Code Review about 9 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/42643
Updated by Gerrit Code Review about 9 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42643
Updated by Gerrit Code Review about 9 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42643
Updated by Gerrit Code Review over 8 years ago
Patch set 6 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42643
Updated by Gerrit Code Review over 8 years ago
Patch set 7 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42643
Updated by Gerrit Code Review over 8 years ago
Patch set 8 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42643
Updated by Gerrit Code Review over 8 years ago
Patch set 9 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42643
Updated by Gerrit Code Review over 8 years ago
Patch set 10 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/42643
Updated by Gerrit Code Review over 8 years ago
Patch set 1 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/47181
Updated by Stefan Neufeind over 8 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 367c18481f3b2014791a0b7d9c657e6890973bf9.
Updated by Gerrit Code Review about 8 years ago
- Status changed from Resolved to Under Review
Patch set 2 for branch TYPO3_7-6 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/47181
Updated by Stephan Großberndt about 8 years ago
- Sprint Focus set to On Location Sprint
Updated by Stefan Neufeind about 8 years ago
- Status changed from Under Review to Resolved
Applied in changeset 8bff4bdde2af4d93840c4bfa4183055223fd5328.