[TASK] Switch to json_encode for tx_cms_showpic parameters
Scalar values sent via HTTP query parameters to ShowImageController are using `json_encode` instead of `unserialize`. The parameter stream is still secured with an HMAC before being deserialized. Resolves: #91509 Releases: master, 10.4, 9.5 Change-Id: I81b8d5a10a79536592b105c838470238e14b7dca Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/64589 Tested-by:TYPO3com <noreply@typo3.com> Tested-by:
Benni Mack <benni@typo3.org> Tested-by:
Oliver Hader <oliver.hader@typo3.org> Reviewed-by:
Andreas Fernandez <a.fernandez@scripting-base.de> Reviewed-by:
Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by:
Showing
- typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php 1 addition, 1 deletion.../frontend/Classes/ContentObject/ContentObjectRenderer.php
- typo3/sysext/frontend/Classes/Controller/ShowImageController.php 8 additions, 3 deletions...ysext/frontend/Classes/Controller/ShowImageController.php
Please register or sign in to comment