From a3c67422d99ee9670274f9d5b5366a919d3b3ec2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BCrk?= <stefan@buerk.tech>
Date: Wed, 10 Nov 2021 08:04:48 +0100
Subject: [PATCH] [BUGFIX] Avoid calling htmlspecialchars(null) in TextElement
TextElement::render() calls htmlspecialchars() to output the
item value. It may be that $itemValue is null instead of a
string at this place and feed null to htmlspecialchars() emits
a E_DEPRECATED PHP 8.1 error. Sanitize call.
Resolves: #95931
Releases: master
Change-Id: I0b2066e7161b2e12e3a4b39d3f9669938a04c9bb
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72108
Tested-by: core-ci <typo3@b13.com>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Benni Mack <benni@typo3.org>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
---
typo3/sysext/backend/Classes/Form/Element/TextElement.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/typo3/sysext/backend/Classes/Form/Element/TextElement.php b/typo3/sysext/backend/Classes/Form/Element/TextElement.php
index 6f0e261380dd..fa7ae9ce3b96 100644
--- a/typo3/sysext/backend/Classes/Form/Element/TextElement.php
+++ b/typo3/sysext/backend/Classes/Form/Element/TextElement.php
@@ -227,7 +227,7 @@ class TextElement extends AbstractFormElement
$mainFieldHtml[] = '<div class="form-control-wrap"' . ($width ? ' style="max-width: ' . $width . 'px">' : '>');
$mainFieldHtml[] = '<div class="form-wizards-wrap">';
$mainFieldHtml[] = '<div class="form-wizards-element">';
- $mainFieldHtml[] = '<textarea ' . GeneralUtility::implodeAttributes($attributes, true) . '>' . htmlspecialchars($itemValue) . '</textarea>';
+ $mainFieldHtml[] = '<textarea ' . GeneralUtility::implodeAttributes($attributes, true) . '>' . htmlspecialchars((string)$itemValue) . '</textarea>';
$mainFieldHtml[] = '</div>';
if (!empty($valuePickerHtml) || !empty($fieldControlHtml)) {
$mainFieldHtml[] = '<div class="form-wizards-items-aside form-wizards-items-aside--field-control">';
--
GitLab