Bug #92964
closed
Headers are shown with HTML tags in scheduler task
100%
Description
Due to a change, some headers are now displayed with html tags in some scheduler tasks
version 9.5, master
Files
Updated by Oliver Bartsch over 3 years ago
- Related to Bug #92983: Header formatting in scheduler for Console Commands added
Updated by Oliver Bartsch about 3 years ago
- Has duplicate Bug #93317: HTML Code in BE lables - EXT:scheduler added
Updated by Georg Ringer about 3 years ago
- Subject changed from Headers are shown with HTML tags in linkvalidator scheduler task to Headers are shown with HTML tags in scheduler task
With #92602 the label is escaped twice
Updated by Gerrit Code Review about 3 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67549
Updated by Oliver Hader about 3 years ago
Issue #92602 (security fix against XSS in typo3/cms-fluid view-helpers) just revealed the flaw in linkvalidator's label generation. ValidatorTaskAdditionalFieldProvider is invoking BackendUtility::wrapInHelp and when rendering the Fluid template f:be.labels.csh causes BackendUtility::wrapInHelp to be called a second time.
It seems(!) this behavior existed since #68683 (https://review.typo3.org/c/Packages/TYPO3.CMS/+/50962/), but was not visually seen until recent security fix.
Updated by Gerrit Code Review about 3 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67549
Updated by Sybille Peters about 3 years ago
As noted in #92983, it seems this problem appeared as result of: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66663 with related issue #92602 (which I am unable to access).
I am not sure if this will affect other extensions as well. I vaguely remember seeing the problem described here in at least one other scheduler task. Should we at least have a changelog for that?
Updated by Sybille Peters about 3 years ago
- Description updated (diff)
- Category changed from Linkvalidator to Backend User Interface
Updated by Sybille Peters about 3 years ago
- File console_commands.png console_commands.png added
Also has problems:
- Execute console commands
Updated by Gerrit Code Review about 3 years ago
Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67592
Updated by Oliver Hader about 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset d30a0b252d3705ccf8852af6fc8d9a23af2a7a6c.
Updated by Gerrit Code Review about 3 years ago
- Status changed from Resolved to Under Review
Patch set 2 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67592
Updated by Gerrit Code Review about 3 years ago
Patch set 1 for branch 9.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/67593
Updated by Oliver Hader about 3 years ago
- Status changed from Under Review to Resolved
Applied in changeset fd38e7941d88e1d028f6299cd020c68e0c74d8af.
Updated by
Updated by Oliver Bartsch about 3 years ago
- Related to Bug #93717: Raw HTML labels for additional scheduler fields of the linkvalidator added
Updated by Sybille Peters about 3 years ago
- Related to Bug #93888: Some scheduler tasks still show raw HTML tags added
Updated by Sybille Peters about 3 years ago
- Related to Bug #93096: Schedule task with link validator show HTML-Tags instead of procecces document added