[SECURITY] XSS in install tool
In the "Basic Configuration" section, some configuration values are rendered without proper escaping both as input fields or as regular content of the page. These values are htmlspecialchars-treated now.

For the "All Configuration" form, all input fields and text area fields get now htmlspecialchars-treated.

Change-Id: I141efa5ad610bda4608f65c136af472cc3c4ec73
Fixes: #21634
Releases: 6.0, 4.7, 4.6, 4.5
Security-Commit: 1063d380e3532b69c24800f20b1127af70f820a0
Security-Bulletin: TYPO3-CORE-SA-2012-004
Reviewed-on: http://review.typo3.org/13774
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
parent 14f9a48e