From 658c0dfac6a6897f9ad0b5cf768dc4c4ab61cb78 Mon Sep 17 00:00:00 2001
From: Andreas Kienast <a.fernandez@scripting-base.de>
Date: Tue, 14 May 2024 09:28:31 +0200
Subject: [PATCH] [BUGFIX] Avoid double-encoding of delete label
The label for the delete action was encoded twice, leading to text
issues in case special characters are involved. This commit makes use of
`GeneralUtility::implodeAttributes()` to solve this issue properly.
Resolves: #103827
Releases: main, 12.4, 11.5
Change-Id: Ia9f7ba5adf46b470a33b9065e49b8599a24fdfad
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/84253
Tested-by: core-ci <typo3@b13.com>
Reviewed-by: Benjamin Franzke <ben@bnf.dev>
Reviewed-by: Andreas Kienast <a.fernandez@scripting-base.de>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Benjamin Franzke <ben@bnf.dev>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Andreas Kienast <a.fernandez@scripting-base.de>
---
.../Classes/RecordList/DatabaseRecordList.php | 28 +++++++++++--------
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/typo3/sysext/backend/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/backend/Classes/RecordList/DatabaseRecordList.php
index d8efc78f197a..6c8d9e37ad09 100644
--- a/typo3/sysext/backend/Classes/RecordList/DatabaseRecordList.php
+++ b/typo3/sysext/backend/Classes/RecordList/DatabaseRecordList.php
@@ -1705,23 +1705,27 @@ class DatabaseRecordList
$row['uid'],
LF . $this->getLanguageService()->sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:labels.translationsOfRecord')
);
+
$warningText = sprintf($this->getLanguageService()->sL('LLL:EXT:core/Resources/Private/Language/locallang_mod_web_list.xlf:' . $actionName . 'Warning'), trim($recordInfo)) . $refCountMsg;
$params = 'cmd[' . $table . '][' . $row['uid'] . '][delete]=1';
$icon = $this->iconFactory->getIcon('actions-edit-' . $actionName, IconSize::SMALL)->render();
- $linkTitle = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:core/Resources/Private/Language/locallang_mod_web_list.xlf:' . $actionName));
+ $linkTitle = $this->getLanguageService()->sL('LLL:EXT:core/Resources/Private/Language/locallang_mod_web_list.xlf:' . $actionName);
$titleText = $this->getLanguageService()->sL('LLL:EXT:backend/Resources/Private/Language/locallang_alt_doc.xlf:label.confirm.delete_record.title');
$l10nParentField = $GLOBALS['TCA'][$table]['ctrl']['transOrigPointerField'] ?? '';
- $deleteAction = '<button type="button" class="btn btn-default t3js-record-delete"'
- . ' title="' . $linkTitle . '"'
- . ' aria-label="' . $linkTitle . '"'
- . ' aria-haspopup="dialog"'
- . ' data-button-ok-text="' . htmlspecialchars($linkTitle) . '"'
- . ' data-l10parent="' . ($l10nParentField ? htmlspecialchars((string)$row[$l10nParentField]) : '') . '"'
- . ' data-params="' . htmlspecialchars($params) . '"'
- . ' data-message="' . htmlspecialchars($warningText) . '"'
- . ' data-title="' . htmlspecialchars($titleText) . '">'
- . $icon
- . '</button>';
+
+ $deleteActionAttributes = GeneralUtility::implodeAttributes([
+ 'type' => 'button',
+ 'class' => 'btn btn-default t3js-record-delete',
+ 'title' => $linkTitle,
+ 'aria-label' => $linkTitle,
+ 'aria-haspopup' => 'dialog',
+ 'data-button-ok-text' => $linkTitle,
+ 'data-l10parent' => $l10nParentField ? (string)$row[$l10nParentField] : '',
+ 'data-params' => $params,
+ 'data-message' => $warningText,
+ 'data-title' => $titleText,
+ ], true, true);
+ $deleteAction = '<button ' . $deleteActionAttributes . '>' . $icon . '</button>';
} else {
$deleteAction = $this->spaceIcon;
}
--
GitLab