Commit 4347ca04 authored by Sascha Egerer, committed by Christian Kuhn

[BUGFIX] Add missing htmlspecialchars in DocumentTemplate

XSS is possible when using a special filename. The file has to be
created directly in the storage as uploading files with those names
is not possible.
Add a missing htmlspecialchars to prevent HTML injection.

Resolves: #64618
Releases: master, 6.2
Change-Id: I192e736fe629a37e923cc02a740fa2aadea20ee1
Reviewed-on: http://review.typo3.org/36391


Reviewed-by: Ingo Schmitt <is@marketing-factory.de>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Michael Oehlhof <typo3@oehlhof.de>
Tested-by: Michael Oehlhof <typo3@oehlhof.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
parent d2b8fe86