From 3ff18625e4533bbdcb5dc39a21a412f9cf96704a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Frank=20N=C3=A4gler?= <typo3@naegler.net>
Date: Wed, 4 Mar 2015 22:46:34 +0100
Subject: [PATCH] [BUGFIX] Fix missing spaces and escaping of attributes

The generated HTML code is broken for some input fields in FormEngine
because of missing escape of attribute values.
An unused style attribute is also removed.

Resolves: #65525
Releases: master
Change-Id: I9d9aecd43c0863a3a9f191e5e942bb5587761dde
Reviewed-on: http://review.typo3.org/37543
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
---
 typo3/sysext/backend/Classes/Form/Element/InputElement.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/typo3/sysext/backend/Classes/Form/Element/InputElement.php b/typo3/sysext/backend/Classes/Form/Element/InputElement.php
index 04f2d54507c4..21029252b797 100644
--- a/typo3/sysext/backend/Classes/Form/Element/InputElement.php
+++ b/typo3/sysext/backend/Classes/Form/Element/InputElement.php
@@ -158,7 +158,7 @@ class InputElement extends AbstractFormElement {
 		$attributes['name'] = $additionalInformation['itemFormElName'] . '_hr';
 		$attributes['value'] = '';
 		$attributes['maxlength'] = $config['max'] ?: 256;
-		$attributes['onchange'] = htmlspecialchars(implode('', $additionalInformation['fieldChangeFunc']));
+		$attributes['onchange'] = implode('', $additionalInformation['fieldChangeFunc']);
 
 		if (!empty($styles)) {
 			$attributes['style'] = implode(' ', $styles);
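Review bot: The `onchange` assignment now stores raw JavaScript with nothing at this line saying that escaping happens later, so a later edit could re-add `htmlspecialchars()` here and double-encode the handler. A short comment above it would prevent that, e.g. `// Raw value on purpose: all $attributes values are HTML-escaped once when the attribute string is built below`. The same applies to the `style` entry two lines further down, which also depends on the loop for its escaping. The enclosing method starts and ends outside this hunk.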
@@ -173,7 +173,7 @@ class InputElement extends AbstractFormElement {
 		// Build the attribute string
 		$attributeString = '';
 		foreach ($attributes as $attributeName => $attributeValue) {
-			$attributeString .= ' '. $attributeName . '="' . $attributeValue . '"';
+			$attributeString .= ' ' . $attributeName . '="' . htmlspecialchars($attributeValue) . '"';
 		}
 
 		// This is the EDITABLE form field.
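Review bot: Escaping every value in this loop is only correct if no entry of `$attributes` was already encoded when it was assigned. The commit drops the earlier `htmlspecialchars()` for `onchange`, but assignments made before line 158 are outside the hunk and should be checked for the same pattern, otherwise those values are now rendered double-encoded. The call also relies on the default flags and charset of the running PHP version. Spelling them out, `htmlspecialchars((string)$attributeValue, ENT_QUOTES, 'UTF-8')`, keeps the output stable across versions and covers single quotes as well. `$attributeName` is written unescaped, which is fine only while the keys stay hard-coded as they are in the visible lines.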
@@ -181,7 +181,6 @@ class InputElement extends AbstractFormElement {
 			<input type="text"'
 				. $attributeString
 				. $this->formEngine->getPlaceholderAttribute($table, $field, $config, $row)
-				. 'style="' . $cssStyle . '" '
 				. $additionalInformation['onFocus'] . ' />';
 
 		// This is the ACTUAL form field - values from the EDITABLE field must be transferred to this field which is the one that is written to the database.
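Review bot: The return value of `getPlaceholderAttribute()` and `$additionalInformation['onFocus']` are still concatenated into the `<input>` tag as pre-built strings, so they bypass the escaping that the loop now applies to `$attributes`. Whether they are safe depends on how they are produced, which is not visible in this hunk. If they can carry record or configuration data, it would be more consistent to add them as entries in `$attributes` so that all escaping happens in one place. Also, with the `style` fragment and its trailing space removed, the separation between the placeholder attribute and the `onFocus` fragment now depends entirely on the whitespace inside those two strings, which is worth confirming.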
-- 
GitLab