From a862b95eb6afb74c00040223cddf663662d9c807 Mon Sep 17 00:00:00 2001 From: Wouter Wolters <typo3@wouterwolters.nl> Date: Fri, 27 May 2016 15:21:09 +0200 Subject: [PATCH] [TASK] Remove second parameter of getLL part 3/3 Remove the second parameter of getLL and replace it with htmlspecialchars directly in the code. Resolves: #76321 Related: #71917 Releases: master Change-Id: I513c5915c9273c906b6b828d65425ac8ee485e12 Reviewed-on: https://review.typo3.org/48332 Reviewed-by: Morton Jonuschat <m.jonuschat@mojocode.de> Tested-by: Morton Jonuschat <m.jonuschat@mojocode.de> Reviewed-by: Markus Klein <markus.klein@typo3.org> Tested-by: Markus Klein <markus.klein@typo3.org> --- typo3/sysext/filelist/Classes/FileList.php | 4 +- .../Classes/Report/LinkValidatorReport.php | 6 +- .../Classes/Browser/DatabaseBrowser.php | 4 +- .../Classes/Browser/FileBrowser.php | 12 ++-- .../Classes/Browser/FolderBrowser.php | 8 +-- .../AbstractLinkBrowserController.php | 16 ++--- .../Classes/LinkHandler/MailLinkHandler.php | 4 +- .../Classes/LinkHandler/PageLinkHandler.php | 6 +- .../Classes/LinkHandler/UrlLinkHandler.php | 2 +- .../sysext/recordlist/Classes/RecordList.php | 6 +- .../RecordList/AbstractDatabaseRecordList.php | 4 +- .../Classes/RecordList/DatabaseRecordList.php | 66 +++++++++---------- .../Classes/View/FolderUtilityRenderer.php | 8 +-- .../Controller/SetupModuleController.php | 2 +- .../sysext/sys_action/Classes/ActionTask.php | 6 +- .../ToolbarItems/ActionToolbarItem.php | 2 +- ...ConstantEditorModuleFunctionController.php | 6 +- .../Controller/VersionModuleController.php | 12 ++-- 18 files changed, 87 insertions(+), 87 deletions(-) diff --git a/typo3/sysext/filelist/Classes/FileList.php b/typo3/sysext/filelist/Classes/FileList.php index ca0773276daa..6f8a98ba833f 100644 --- a/typo3/sysext/filelist/Classes/FileList.php +++ b/typo3/sysext/filelist/Classes/FileList.php 
@@ -412,12 +412,12 @@ class FileList extends AbstractRecordList
 $cells[] = $this->linkClipboardHeaderIcon('<span title="' . htmlspecialchars($this->getLanguageService()->getLL('clip_selectMarked')) . '">' . $this->iconFactory->getIcon('actions-edit-copy', Icon::SIZE_SMALL)->render() . '</span>', $table, 'setCB');
 $cells[] = $this->linkClipboardHeaderIcon('<span title="' . htmlspecialchars($this->getLanguageService()->getLL('clip_deleteMarked')) . '">' . $this->iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render(), $table, 'delete', $this->getLanguageService()->getLL('clip_deleteMarkedWarning'));
 $onClick = 'checkOffCB(' . GeneralUtility::quoteJSvalue(implode(',', $this->CBnames)) . ', this); return false;';
- $cells[] = '<a class="btn btn-default" rel="" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $this->getLanguageService()->getLL('clip_markRecords', true) . '">' . $this->iconFactory->getIcon('actions-document-select', Icon::SIZE_SMALL)->render() . '</a>';
+ $cells[] = '<a class="btn btn-default" rel="" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . htmlspecialchars($this->getLanguageService()->getLL('clip_markRecords')) . '">' . $this->iconFactory->getIcon('actions-document-select', Icon::SIZE_SMALL)->render() . '</a>';
 }
 $theData[$v] = implode('', $cells);
 } else {
 // Normal row:
- $theT = $this->linkWrapSort($this->getLanguageService()->getLL('c_' . $v, true), $this->folderObject->getCombinedIdentifier(), $v);
+ $theT = $this->linkWrapSort(htmlspecialchars($this->getLanguageService()->getLL('c_' . $v)), $this->folderObject->getCombinedIdentifier(), $v);
 $theData[$v] = $theT;
 }
 }
diff --git a/typo3/sysext/linkvalidator/Classes/Report/LinkValidatorReport.php b/typo3/sysext/linkvalidator/Classes/Report/LinkValidatorReport.php
index 97538f5847f7..4596c344eab6 100644
--- a/typo3/sysext/linkvalidator/Classes/Report/LinkValidatorReport.php
+++ b/typo3/sysext/linkvalidator/Classes/Report/LinkValidatorReport.php
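Review bot: The `clip_deleteMarked` cell in this hunk opens `<span title="...">` and never closes it, unlike the `clip_selectMarked` cell directly above, which appends `'</span>'` after the icon. Since the commit is already editing this block, the first argument of the second call should end with `->render() . '</span>'`. Separately, `getLL('clip_deleteMarkedWarning')` is passed to `linkClipboardHeaderIcon()` unescaped, which is only correct if that method encodes its warning argument itself; its body is not visible here. The enclosing method starts and ends outside the hunk.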
@@ -439,7 +439,7 @@ class LinkValidatorReport extends \TYPO3\CMS\Backend\Module\AbstractFunctionModu */ protected function getNoBrokenLinkMessage(array $brokenLinksMarker) { - $brokenLinksMarker['LIST_HEADER'] = '<h3>' . $this->getLanguageService()->getLL('list.header', true) . '</h3>'; + $brokenLinksMarker['LIST_HEADER'] = '<h3>' . htmlspecialchars($this->getLanguageService()->getLL('list.header')) . '</h3>'; /** @var $message FlashMessage */ $message = GeneralUtility::makeInstance( FlashMessage::class, @@ -478,7 +478,7 @@ class LinkValidatorReport extends \TYPO3\CMS\Backend\Module\AbstractFunctionModu $makerTableHead[$column] = BackendUtility::wrapInHelp('linkvalidator', $column, $label); } // Add section header - $makerTableHead['list_header'] = '<h3>' . $this->getLanguageService()->getLL('list.header', true) . '</h3>'; + $makerTableHead['list_header'] = '<h3>' . htmlspecialchars($this->getLanguageService()->getLL('list.header')) . '</h3>'; return $makerTableHead; } @@ -581,7 +581,7 @@ class LinkValidatorReport extends \TYPO3\CMS\Backend\Module\AbstractFunctionModu } $checkOptionsTemplate = $this->templateService->getSubpart($this->doc->moduleTemplate, '###CHECKOPTIONS_SECTION###'); $hookSectionTemplate = $this->templateService->getSubpart($checkOptionsTemplate, '###HOOK_SECTION###'); - $markerArray['statistics_header'] = '<h3>' . $this->getLanguageService()->getLL('report.statistics.header', true) . '</h3>'; + $markerArray['statistics_header'] = '<h3>' . htmlspecialchars($this->getLanguageService()->getLL('report.statistics.header')) . '</h3>'; $markerArray['total_count_label'] = BackendUtility::wrapInHelp('linkvalidator', 'checkboxes', $this->getLanguageService()->getLL('overviews.nbtotal')); $markerArray['total_count'] = $brokenLinkOverView['brokenlinkCount'] ?: '0'; diff --git a/typo3/sysext/recordlist/Classes/Browser/DatabaseBrowser.php b/typo3/sysext/recordlist/Classes/Browser/DatabaseBrowser.php index 20f3edcdefec..ee94f9b16df3 100644 
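Review bot: In the 581 hunk of LinkValidatorReport.php the `overviews.nbtotal` label is still passed to `BackendUtility::wrapInHelp()` without encoding, while the RecordList.php hunks in this same patch wrap the label in `htmlspecialchars()` before the same call. One of the two must be wrong. If `wrapInHelp()` does not encode its text argument (its body is not shown here), this line should read `BackendUtility::wrapInHelp('linkvalidator', 'checkboxes', htmlspecialchars($this->getLanguageService()->getLL('overviews.nbtotal')))`; if it does encode, the RecordList calls double-encode. The `$label` passed to `wrapInHelp()` in the 478 hunk deserves the same check, because its origin is outside the hunk.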
--- a/typo3/sysext/recordlist/Classes/Browser/DatabaseBrowser.php +++ b/typo3/sysext/recordlist/Classes/Browser/DatabaseBrowser.php @@ -125,7 +125,7 @@ class DatabaseBrowser extends AbstractElementBrowser implements ElementBrowserIn <tr>'; if ($withTree) { $content .= '<td class="c-wCell" valign="top">' - . '<h3>' . $this->getLanguageService()->getLL('pageTree', true) . ':</h3>' + . '<h3>' . htmlspecialchars($this->getLanguageService()->getLL('pageTree')) . ':</h3>' . $this->getTemporaryTreeMountCancelNotice() . $tree . '</td>'; } $content .= '<td class="c-wCell" valign="top">' . $renderedRecordList . '</td> @@ -203,7 +203,7 @@ class DatabaseBrowser extends AbstractElementBrowser implements ElementBrowserIn $tablesArr = GeneralUtility::trimExplode(',', $tables, true); } - $out = '<h3>' . $this->getLanguageService()->getLL('selectRecords', true) . ':</h3>'; + $out = '<h3>' . htmlspecialchars($this->getLanguageService()->getLL('selectRecords')) . ':</h3>'; // Create the header, showing the current page for which the listing is. // Includes link to the page itself, if pages are amount allowed tables. $titleLen = (int)$backendUser->uc['titleLen']; diff --git a/typo3/sysext/recordlist/Classes/Browser/FileBrowser.php b/typo3/sysext/recordlist/Classes/Browser/FileBrowser.php index d1113adbc67a..8bd6ac1b30f7 100644 --- a/typo3/sysext/recordlist/Classes/Browser/FileBrowser.php +++ b/typo3/sysext/recordlist/Classes/Browser/FileBrowser.php 
@@ -202,7 +202,7 @@ class FileBrowser extends AbstractElementBrowser implements ElementBrowserInterf <div class="element-browser-section element-browser-filetree"> <table border="0" cellpadding="0" cellspacing="0" id="typo3-EBfiles"> <tr> - <td class="c-wCell" valign="top"><h3>' . $this->getLanguageService()->getLL('folderTree', true) . ':</h3>' . $tree . '</td> + <td class="c-wCell" valign="top"><h3>' . htmlspecialchars($this->getLanguageService()->getLL('folderTree')) . ':</h3>' . $tree . '</td> <td class="c-wCell" valign="top">' . $files . '</td> </tr> </table> @@ -254,8 +254,8 @@ class FileBrowser extends AbstractElementBrowser implements ElementBrowserInterf <th class="col-title" nowrap="nowrap">' . $folderIcon . ' ' . htmlspecialchars(GeneralUtility::fixed_lgd_cs($folder->getIdentifier(), $titleLen)) . '</th> <th class="col-control" nowrap="nowrap"></th> <th class="col-clipboard" nowrap="nowrap"> - <a href="#" class="btn btn-default" id="t3js-importSelection" title="' . $lang->getLL('importSelection', true) . '">' . $this->iconFactory->getIcon('actions-document-import-t3d', Icon::SIZE_SMALL) . '</a> - <a href="#" class="btn btn-default" id="t3js-toggleSelection" title="' . $lang->getLL('toggleSelection', true) . '">' . $this->iconFactory->getIcon('actions-document-select', Icon::SIZE_SMALL) . '</a> + <a href="#" class="btn btn-default" id="t3js-importSelection" title="' . htmlspecialchars($lang->getLL('importSelection')) . '">' . $this->iconFactory->getIcon('actions-document-import-t3d', Icon::SIZE_SMALL) . '</a> + <a href="#" class="btn btn-default" id="t3js-toggleSelection" title="' . htmlspecialchars($lang->getLL('toggleSelection')) . '">' . $this->iconFactory->getIcon('actions-document-select', Icon::SIZE_SMALL) . '</a> </th> <th nowrap="nowrap"> </th> </tr>'; 
@@ -330,8 +330,8 @@ class FileBrowser extends AbstractElementBrowser implements ElementBrowserInterf <tr class="file_list_normal"> <td class="col-title" nowrap="nowrap">' . $filenameAndIcon . ' </td> <td class="col-control"> - <div class="btn-group">' . $ATag . '<span title="' . $lang->getLL('addToList', true) . '">' . $this->iconFactory->getIcon('actions-edit-add', Icon::SIZE_SMALL)->render() . '</span>' . $ATag_e . ' - <a href="' . htmlspecialchars($Ahref) . '" class="btn btn-default" title="' . $lang->getLL('info', true) . '">' . $this->iconFactory->getIcon('actions-document-info', Icon::SIZE_SMALL) . '</a> + <div class="btn-group">' . $ATag . '<span title="' . htmlspecialchars($lang->getLL('addToList')) . '">' . $this->iconFactory->getIcon('actions-edit-add', Icon::SIZE_SMALL)->render() . '</span>' . $ATag_e . ' + <a href="' . htmlspecialchars($Ahref) . '" class="btn btn-default" title="' . htmlspecialchars($lang->getLL('info')) . '">' . $this->iconFactory->getIcon('actions-document-info', Icon::SIZE_SMALL) . '</a> </td> <td class="col-clipboard" valign="top">' . $bulkCheckBox . '</td> <td nowrap="nowrap"> ' . $pDim . '</td> @@ -344,7 +344,7 @@ class FileBrowser extends AbstractElementBrowser implements ElementBrowserInterf } } - $out = '<h3>' . $lang->getLL('files', true) . ' ' . $filesCount . ':</h3>'; + $out = '<h3>' . htmlspecialchars($lang->getLL('files')) . ' ' . $filesCount . ':</h3>'; $out .= GeneralUtility::makeInstance(FolderUtilityRenderer::class, $this)->getFileSearchField($this->searchWord); $out .= '<div id="filelist">'; $out .= $this->getBulkSelector($filesCount); diff --git a/typo3/sysext/recordlist/Classes/Browser/FolderBrowser.php b/typo3/sysext/recordlist/Classes/Browser/FolderBrowser.php index 0383c089ac6c..a18284f4e5f3 100644 --- a/typo3/sysext/recordlist/Classes/Browser/FolderBrowser.php +++ b/typo3/sysext/recordlist/Classes/Browser/FolderBrowser.php 
@@ -106,7 +106,7 @@ class FolderBrowser extends AbstractElementBrowser implements ElementBrowserInte --> <table border="0" cellpadding="0" cellspacing="0" id="typo3-EBfiles"> <tr> - <td class="c-wCell" valign="top"><h3>' . $this->getLanguageService()->getLL('folderTree', true) . ':</h3>' . $tree . '</td> + <td class="c-wCell" valign="top"><h3>' . htmlspecialchars($this->getLanguageService()->getLL('folderTree')) . ':</h3>' . $tree . '</td> <td class="c-wCell" valign="top">' . $folders . '</td> </tr> </table> @@ -140,7 +140,7 @@ class FolderBrowser extends AbstractElementBrowser implements ElementBrowserInte $folderIdentifier = $parentFolder->getCombinedIdentifier(); // Create headline (showing number of folders): - $content .= '<h3>' . sprintf($lang->getLL('folders', true) . ' (%s):', count($folders)) . '</h3>'; + $content .= '<h3>' . sprintf(htmlspecialchars($lang->getLL('folders')) . ' (%s):', count($folders)) . '</h3>'; $titleLength = (int)$this->getBackendUser()->uc['titleLen']; // Create the header of current folder: @@ -162,7 +162,7 @@ class FolderBrowser extends AbstractElementBrowser implements ElementBrowserInte $aTag_alt = '<a href="#" data-folder-id="' . htmlspecialchars($folderIdentifier) . '" data-close="1">'; if (strstr($subFolderIdentifier, ',') || strstr($subFolderIdentifier, '|')) { // In case an invalid character is in the filepath, display error message: - $errorMessage = sprintf($lang->getLL('invalidChar', true), ', |'); + $errorMessage = sprintf(htmlspecialchars($lang->getLL('invalidChar')), ', |'); $aTag = '<a href="#" class="t3js-folderIdError" data-message="' . $errorMessage . '">'; } $aTag_e = '</a>'; 
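Review bot: In the 140 hunk the translated `folders` label ends up inside the `sprintf()` format string, so a `%` in any translation would be parsed as a conversion specification and break the headline. The label has no placeholder of its own, so plain concatenation is safer: `$content .= '<h3>' . htmlspecialchars($lang->getLL('folders')) . ' (' . count($folders) . '):</h3>';`. The method this line belongs to starts and ends outside the hunk.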
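Review bot: In the 162 hunk `htmlspecialchars()` is applied to the `invalidChar` format string before `sprintf()` fills it in, so anything substituted into the message reaches the `data-message` attribute without encoding. That is harmless today because the only argument is the constant `', |'`, but encoding should be the last step before output: `$errorMessage = htmlspecialchars(sprintf($lang->getLL('invalidChar'), ', |'));`. A short comment at the `data-message` concatenation, such as `// $errorMessage is already HTML-encoded`, would tell the next reader why the variable is emitted bare. The loop this sits in is not fully visible in the hunk.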
@@ -171,7 +171,7 @@ class FolderBrowser extends AbstractElementBrowser implements ElementBrowserInte $lines[] = ' <tr> <td nowrap="nowrap">' . $foldernameAndIcon . ' </td> - <td>' . $aTag . '<span title="' . $lang->getLL('addToList', true) . '">' . $this->iconFactory->getIcon('actions-edit-add', Icon::SIZE_SMALL)->render() . '</span>' . $aTag_e . '</td> + <td>' . $aTag . '<span title="' . htmlspecialchars($lang->getLL('addToList')) . '">' . $this->iconFactory->getIcon('actions-edit-add', Icon::SIZE_SMALL)->render() . '</span>' . $aTag_e . '</td> <td> </td> </tr>'; $lines[] = ' diff --git a/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php b/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php index b40060755f97..571d80cbd75f 100644 --- a/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php +++ b/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php @@ -340,7 +340,7 @@ abstract class AbstractLinkBrowserController return '<!-- Print current URL --> <div class="link-browser-section link-browser-current-link"> <strong>' . - $this->getLanguageService()->getLL('currentLink', true) . + htmlspecialchars($this->getLanguageService()->getLL('currentLink')) . ': ' . htmlspecialchars($this->currentLinkHandler->formatCurrentUrl()) . '</strong> @@ -475,7 +475,7 @@ abstract class AbstractLinkBrowserController $content .= ' <form action="" name="lparamsform" id="lparamsform" class="form-horizontal"> <div class="form-group form-group-sm"> - <input class="btn btn-default t3js-linkCurrent" type="submit" value="' . $this->getLanguageService()->getLL('update', true) . '" /> + <input class="btn btn-default t3js-linkCurrent" type="submit" value="' . htmlspecialchars($this->getLanguageService()->getLL('update')) . '" /> </div> </form>'; } 
@@ -499,7 +499,7 @@ abstract class AbstractLinkBrowserController --> <form action="" name="ltargetform" id="ltargetform" class="t3js-dummyform form-horizontal"> <div class="form-group form-group-sm" id="typo3-linkTarget"> - <label class="col-xs-4 control-label">' . $lang->getLL('target', true) . '</label> + <label class="col-xs-4 control-label">' . htmlspecialchars($lang->getLL('target')) . '</label> <div class="col-xs-3"> <input type="text" name="ltarget" class="t3js-linkTarget form-control" value="' . htmlspecialchars($this->linkAttributeValues['target']) . '" /> @@ -507,8 +507,8 @@ abstract class AbstractLinkBrowserController <div class="col-xs-5"> <select name="ltarget_type" class="t3js-targetPreselect form-control"> <option value=""></option> - <option value="_top">' . $lang->getLL('top', true) . '</option> - <option value="_blank">' . $lang->getLL('newWindow', true) . '</option> + <option value="_top">' . htmlspecialchars($lang->getLL('top')) . '</option> + <option value="_blank">' . htmlspecialchars($lang->getLL('newWindow')) . '</option> </select> </div> </div> @@ -520,7 +520,7 @@ abstract class AbstractLinkBrowserController --> <form action="" name="ltitleform" id="ltitleform" class="t3js-dummyform form-horizontal"> <div class="form-group form-group-sm" id="typo3-linkTitle"> - <label class="col-xs-4 control-label">' . $lang->getLL('title', true) . '</label> + <label class="col-xs-4 control-label">' . htmlspecialchars($lang->getLL('title')) . '</label> <div class="col-xs-8"> <input type="text" name="ltitle" class="form-control" value="' . htmlspecialchars($this->linkAttributeValues['title']) . '" /> 
@@ -535,7 +535,7 @@ abstract class AbstractLinkBrowserController --> <form action="" name="lclassform" id="lclassform" class="t3js-dummyform form-horizontal"> <div class="form-group form-group-sm" id="typo3-linkClass"> - <label class="col-xs-4 control-label">' . $lang->getLL('class', true) . '</label> + <label class="col-xs-4 control-label">' . htmlspecialchars($lang->getLL('class')) . '</label> <div class="col-xs-8"> <input type="text" name="lclass" class="form-control" value="' . htmlspecialchars($this->linkAttributeValues['class']) . '" /></td> @@ -550,7 +550,7 @@ abstract class AbstractLinkBrowserController --> <form action="" name="lparamsform" id="lparamsform" class="t3js-dummyform form-horizontal"> <div class="form-group form-group-sm" id="typo3-linkParams"> - <label class="col-xs-4 control-label">' . $lang->getLL('params', true) . '</label> + <label class="col-xs-4 control-label">' . htmlspecialchars($lang->getLL('params')) . '</label> <div class="col-xs-8"> <input type="text" name="lparams" class="form-control" value="' . htmlspecialchars($this->linkAttributeValues['params']) . '" /> diff --git a/typo3/sysext/recordlist/Classes/LinkHandler/MailLinkHandler.php b/typo3/sysext/recordlist/Classes/LinkHandler/MailLinkHandler.php index e1c54428b047..149095ae39cf 100644 --- a/typo3/sysext/recordlist/Classes/LinkHandler/MailLinkHandler.php +++ b/typo3/sysext/recordlist/Classes/LinkHandler/MailLinkHandler.php 
@@ -99,14 +99,14 @@ class MailLinkHandler extends AbstractLinkHandler implements LinkHandlerInterfac <div class="link-browser-section link-browser-tab-content-mail"> <form action="" id="lmailform" class="form-horizontal"> <div class="form-group form-group-sm"> - <label class="col-xs-4 control-label">' . $lang->getLL('emailAddress', true) . ':</label> + <label class="col-xs-4 control-label">' . htmlspecialchars($lang->getLL('emailAddress')) . ':</label> <div class="col-xs-6"> <input type="text" name="lemail" size="20" class="form-control" value="' . htmlspecialchars(!empty($this->linkParts) ? $this->linkParts['url'] : '') . '" /> </div> <div class="col-xs-2"> - <input class="btn btn-default" type="submit" value="' . $lang->getLL('setLink', true) . '" /> + <input class="btn btn-default" type="submit" value="' . htmlspecialchars($lang->getLL('setLink')) . '" /> </div> </div> </form> diff --git a/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php b/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php index b78520660a62..475b7cc4ffc3 100644 --- a/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php +++ b/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php @@ -97,7 +97,7 @@ class PageLinkHandler extends AbstractLinkHandler implements LinkHandlerInterfac $id = $this->linkParts['pageid']; $pageRow = BackendUtility::getRecordWSOL('pages', $id); - return $lang->getLL('page', true) + return htmlspecialchars($lang->getLL('page')) . ' \'' . htmlspecialchars(GeneralUtility::fixed_lgd_cs($pageRow['title'], $titleLen)) . '\'' . ' (ID:' . $id . ($this->linkParts['anchor'] ? ', #' . $this->linkParts['anchor'] : '') . ')'; } 
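Review bot: The string returned in the PageLinkHandler 97 hunk mixes HTML-encoded pieces (the `page` label and the page title) with raw ones (`$id` and `$this->linkParts['anchor']`), so a caller cannot treat it consistently as either text or markup. If this method is the handler's `formatCurrentUrl()` (its name is outside the hunk), the AbstractLinkBrowserController hunk in this patch passes the result through `htmlspecialchars()` again. That would double-encode the label and title, and it would be the only thing encoding the anchor. Returning plain text and leaving the encoding to the caller avoids both problems, starting with `return $lang->getLL('page') . ' \'' . GeneralUtility::fixed_lgd_cs($pageRow['title'], $titleLen) . '\''` and keeping the ID/anchor part unchanged. At a minimum the docblock should state whether the return value is HTML or plain text.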
@@ -318,12 +318,12 @@ class PageLinkHandler extends AbstractLinkHandler implements LinkHandlerInterfac <tr> <td> <label> - ' . $this->getLanguageService()->getLL('page_id', true) . ': + ' . htmlspecialchars($this->getLanguageService()->getLL('page_id')) . ': </label> </td> <td colspan="3"> <input type="text" size="6" name="luid" id="luid" /> <input class="btn btn-default t3js-pageLink" type="submit" value="' - . $this->getLanguageService()->getLL('setLink', true) . '" /> + . htmlspecialchars($this->getLanguageService()->getLL('setLink')) . '" /> </td> </tr>'; } diff --git a/typo3/sysext/recordlist/Classes/LinkHandler/UrlLinkHandler.php b/typo3/sysext/recordlist/Classes/LinkHandler/UrlLinkHandler.php index 502d9d87d06d..242a54e51a1a 100644 --- a/typo3/sysext/recordlist/Classes/LinkHandler/UrlLinkHandler.php +++ b/typo3/sysext/recordlist/Classes/LinkHandler/UrlLinkHandler.php @@ -105,7 +105,7 @@ class UrlLinkHandler extends AbstractLinkHandler implements LinkHandlerInterface </div> <div class="col-xs-2"> <input class="btn btn-default" type="submit" - value="' . $this->getLanguageService()->getLL('setLink', true) . '" /> + value="' . htmlspecialchars($this->getLanguageService()->getLL('setLink')) . '" /> </div> </div> </form> diff --git a/typo3/sysext/recordlist/Classes/RecordList.php b/typo3/sysext/recordlist/Classes/RecordList.php index fdf81d01fb6e..637e8329e30e 100755 --- a/typo3/sysext/recordlist/Classes/RecordList.php +++ b/typo3/sysext/recordlist/Classes/RecordList.php 
@@ -512,7 +512,7 @@ class RecordList extends AbstractModule $this->body .= '<div class="checkbox">' . '<label for="checkLargeControl">' . BackendUtility::getFuncCheck($this->id, 'SET[bigControlPanel]', $this->MOD_SETTINGS['bigControlPanel'], '', $this->table ? '&table=' . $this->table : '', 'id="checkLargeControl"') . - BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_options', $lang->getLL('largeControl', true)) . + BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_options', htmlspecialchars($lang->getLL('largeControl'))) . '</label>' . '</div>'; } @@ -523,7 +523,7 @@ class RecordList extends AbstractModule $this->body .= '<div class="checkbox">' . '<label for="checkShowClipBoard">' . BackendUtility::getFuncCheck($this->id, 'SET[clipBoard]', $this->MOD_SETTINGS['clipBoard'], '', $this->table ? '&table=' . $this->table : '', 'id="checkShowClipBoard"') . - BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_options', $lang->getLL('showClipBoard', true)) . + BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_options', htmlspecialchars($lang->getLL('showClipBoard'))) . '</label>' . '</div>'; } @@ -534,7 +534,7 @@ class RecordList extends AbstractModule $this->body .= '<div class="checkbox">' . '<label for="checkLocalization">' . BackendUtility::getFuncCheck($this->id, 'SET[localization]', $this->MOD_SETTINGS['localization'], '', $this->table ? '&table=' . $this->table : '', 'id="checkLocalization"') . - BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_options', $lang->getLL('localization', true)) . + BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_options', htmlspecialchars($lang->getLL('localization'))) . '</label>' . '</div>'; } diff --git a/typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php index ba6de0333743..43f7aaeb65b5 100644 --- a/typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php 
+++ b/typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php @@ -869,7 +869,7 @@ class AbstractDatabaseRecordList extends AbstractRecordList // "Edit" link: ( Only if permissions to edit the page-record of the content of the parent page ($this->id) if ($permsEdit) { $params = '&edit[' . $table . '][' . $row['uid'] . ']=edit'; - $code = '<a href="#" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params, '', -1)) . '" title="' . $lang->getLL('edit', true) . '">' . $code . '</a>'; + $code = '<a href="#" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params, '', -1)) . '" title="' . htmlspecialchars($lang->getLL('edit')) . '">' . $code . '</a>'; } break; case 'show': @@ -882,7 +882,7 @@ class AbstractDatabaseRecordList extends AbstractRecordList break; case 'info': // "Info": (All records) - $code = '<a href="#" onclick="' . htmlspecialchars(('top.launchView(\'' . $table . '\', \'' . $row['uid'] . '\'); return false;')) . '" title="' . $lang->getLL('showInfo', true) . '">' . $code . '</a>'; + $code = '<a href="#" onclick="' . htmlspecialchars(('top.launchView(\'' . $table . '\', \'' . $row['uid'] . '\'); return false;')) . '" title="' . htmlspecialchars($lang->getLL('showInfo')) . '">' . $code . '</a>'; break; default: // Output the label now: diff --git a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php index 1d7e7314d2a0..0ae991f02346 100644 --- a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php +++ b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php 
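Review bot: In the `info` case of the 882 hunk the `onclick` handler is built by pasting `$table` and `$row['uid']` between hand-written single quotes. `htmlspecialchars()` encodes the result only for the HTML attribute, not for the JavaScript string context, so a quote or backslash in either value would end the literal early. The DatabaseRecordList.php hunk at 1431 in this patch builds the same call safely, and this line should match it: `'top.launchView(' . GeneralUtility::quoteJSvalue($table) . ', ' . (int)$row['uid'] . '); return false;'` (assuming `GeneralUtility` is imported in this file, which the hunk does not show). Both values are probably trusted here, but the output encoding should not depend on that. The `switch` this case belongs to begins and ends outside the hunk.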
@@ -266,7 +266,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if (!$module->modTSconfig['properties']['noCreateRecordsLink'] && $this->editLockPermissions()) { $onClick = htmlspecialchars('return jumpExt(' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('db_new', ['id' => $this->id])) . ');'); $buttons['new_record'] = '<a href="#" onclick="' . $onClick . '" title="' - . $lang->getLL('newRecordGeneral', true) . '">' + . htmlspecialchars($lang->getLL('newRecordGeneral')) . '">' . $this->iconFactory->getIcon('actions-add', Icon::SIZE_SMALL)->render() . '</a>'; } // If edit permissions are set, see @@ -275,7 +275,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList // Edit $params = '&edit[pages][' . $this->pageRow['uid'] . ']=edit'; $onClick = htmlspecialchars(BackendUtility::editOnClick($params, '', -1)); - $buttons['edit'] = '<a href="#" onclick="' . $onClick . '" title="' . $lang->getLL('editPage', true) . '">' + $buttons['edit'] = '<a href="#" onclick="' . $onClick . '" title="' . htmlspecialchars($lang->getLL('editPage')) . '">' . $this->iconFactory->getIcon('actions-page-open', Icon::SIZE_SMALL)->render() . '</a>'; } @@ -286,10 +286,10 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $confirmText = $this->clipObj->confirmMsgText('pages', $this->pageRow, 'into', $elFromTable); $buttons['paste'] = '<a' . ' href="' . htmlspecialchars($this->clipObj->pasteUrl('', $this->id)) . '"' - . ' title="' . $lang->getLL('clip_paste', true) . '"' + . ' title="' . htmlspecialchars($lang->getLL('clip_paste')) . '"' . ' class="t3js-modal-trigger"' . ' data-severity="warning"' - . ' data-title="' . $lang->getLL('clip_paste', true) . '"' + . ' data-title="' . htmlspecialchars($lang->getLL('clip_paste')) . '"' . ' data-content="' . htmlspecialchars($confirmText) . '"' . '>' . $this->iconFactory->getIcon('actions-document-paste-after', Icon::SIZE_SMALL)->render() 
@@ -688,8 +688,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList . '</span> (<span class="t3js-table-total-items">' . $this->totalItems . '</span>)'; } else { $icon = $this->table - ? '<span title="' . $lang->getLL('contractView', true) . '">' . $this->iconFactory->getIcon('actions-view-table-collapse', Icon::SIZE_SMALL)->render() . '</span>' - : '<span title="' . $lang->getLL('expandView', true) . '">' . $this->iconFactory->getIcon('actions-view-table-expand', Icon::SIZE_SMALL)->render() . '</span>'; + ? '<span title="' . htmlspecialchars($lang->getLL('contractView')) . '">' . $this->iconFactory->getIcon('actions-view-table-collapse', Icon::SIZE_SMALL)->render() . '</span>' + : '<span title="' . htmlspecialchars($lang->getLL('expandView')) . '">' . $this->iconFactory->getIcon('actions-view-table-expand', Icon::SIZE_SMALL)->render() . '</span>'; $theData[$titleCol] = $this->linkWrapTable($table, $tableTitle . ' (<span class="t3js-table-total-items">' . $this->totalItems . '</span>) ' . $icon); } if ($listOnlyInSingleTableMode) { @@ -1064,7 +1064,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList break; case '_LOCALIZATION_b': // Path - $theData[$fCol] = $lang->getLL('Localize', true); + $theData[$fCol] = htmlspecialchars($lang->getLL('Localize')); break; case '_CLIPBOARD_': if (!$this->getModule()->MOD_SETTINGS['clipBoard']) { 
@@ -1080,8 +1080,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $confirmMessage = $this->clipObj->confirmMsgText('pages', $this->pageRow, 'into', $elFromTable); $cells['pasteAfter'] = '<a class="btn btn-default t3js-modal-trigger"' . ' href="' . $href . '"' - . ' title="' . $lang->getLL('clip_paste', true) . '"' - . ' data-title="' . $lang->getLL('clip_paste', true) . '"' + . ' title="' . htmlspecialchars($lang->getLL('clip_paste')) . '"' + . ' data-title="' . htmlspecialchars($lang->getLL('clip_paste')) . '"' . ' data-content="' . htmlspecialchars($confirmMessage) . '"' . ' data-severity="warning">' . $this->iconFactory->getIcon('actions-document-paste-after', Icon::SIZE_SMALL)->render() @@ -1102,7 +1102,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList array_push($onClickArray, $params . '&' . $lastElement); $onClick = implode('?', $onClickArray); $cells['edit'] = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' - . $lang->getLL('clip_editMarked', true) . '">' + . htmlspecialchars($lang->getLL('clip_editMarked')) . '">' . $this->iconFactory->getIcon('actions-document-open', Icon::SIZE_SMALL)->render() . '</a>'; // The "Delete marked" link: $cells['delete'] = $this->linkClipboardHeaderIcon( @@ -1115,7 +1115,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList // The "Select all" link: $onClick = htmlspecialchars(('checkOffCB(' . GeneralUtility::quoteJSvalue(implode(',', $this->CBnames)) . ', this); return false;')); $cells['markAll'] = '<a class="btn btn-default" rel="" href="#" onclick="' . $onClick . '" title="' - . $lang->getLL('clip_markRecords', true) . '">' + . htmlspecialchars($lang->getLL('clip_markRecords')) . '">' . $this->iconFactory->getIcon('actions-document-select', Icon::SIZE_SMALL)->render() . '</a>'; } else { $cells['empty'] = ''; 
@@ -1157,11 +1157,11 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $onClick = 'return jumpExt(' . GeneralUtility::quoteJSvalue($newContentWizScriptPath) . ');'; $icon = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' - . $lang->getLL('new', true) . '">' . $spriteIcon->render() . '</a>'; + . htmlspecialchars($lang->getLL('new')) . '">' . $spriteIcon->render() . '</a>'; } elseif ($table == 'pages' && $this->newWizards) { $parameters = ['id' => $this->id, 'pagesOnly' => 1, 'returnUrl' => GeneralUtility::getIndpEnv('REQUEST_URI')]; $href = BackendUtility::getModuleUrl('db_new', $parameters); - $icon = '<a class="btn btn-default" href="' . htmlspecialchars($href) . '" title="' . $lang->getLL('new', true) . '">' + $icon = '<a class="btn btn-default" href="' . htmlspecialchars($href) . '" title="' . htmlspecialchars($lang->getLL('new')) . '">' . $spriteIcon->render() . '</a>'; } else { $params = '&edit[' . $table . '][' . $this->id . ']=new'; @@ -1169,7 +1169,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $params .= '&overrideVals[pages_language_overlay][doktype]=' . (int)$this->pageRow['doktype']; } $icon = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params, '', -1)) - . '" title="' . $lang->getLL('new', true) . '">' . $spriteIcon->render() . '</a>'; + . '" title="' . htmlspecialchars($lang->getLL('new')) . '">' . $spriteIcon->render() . '</a>'; } } // If the table can be edited, add link for editing ALL SHOWN fields for all listed records: 
@@ -1186,7 +1186,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList array_push($onClickArray, $params . '&' . $lastElement); $onClick = implode('?', $onClickArray); $icon .= '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) - . '" title="' . $lang->getLL('editShownColumns', true) . '">' + . '" title="' . htmlspecialchars($lang->getLL('editShownColumns')) . '">' . $this->iconFactory->getIcon('actions-document-open', Icon::SIZE_SMALL)->render() . '</a>'; $icon = '<div class="btn-group" role="group">' . $icon . '</div>'; } @@ -1214,7 +1214,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList // If the numeric clipboard pads are selected, show duplicate sorting link: if ($this->clipNumPane()) { $theData[$fCol] .= '<a class="btn btn-default" href="' . htmlspecialchars($this->listURL('', '-1') . '&duplicateField=' . $fCol) - . '" title="' . $lang->getLL('clip_duplicates', true) . '">' + . '" title="' . htmlspecialchars($lang->getLL('clip_duplicates')) . '">' . $this->iconFactory->getIcon('actions-document-duplicates-select', Icon::SIZE_SMALL)->render() . '</a>'; } // If the table can be edited, add link for editing THIS field for all 
@@ -1431,20 +1431,20 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $iconIdentifier = 'actions-open'; $overlayIdentifier = !$this->isEditable($table) ? 'overlay-readonly' : null; $editAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params, '', -1)) - . '" title="' . $this->getLanguageService()->getLL('edit', true) . '">' . $this->iconFactory->getIcon($iconIdentifier, Icon::SIZE_SMALL, $overlayIdentifier)->render() . '</a>'; + . '" title="' . htmlspecialchars($this->getLanguageService()->getLL('edit')) . '">' . $this->iconFactory->getIcon($iconIdentifier, Icon::SIZE_SMALL, $overlayIdentifier)->render() . '</a>'; } else { $editAction = $this->spaceIcon; } $this->addActionToCellGroup($cells, $editAction, 'edit'); // "Info": (All records) $onClick = 'top.launchView(' . GeneralUtility::quoteJSvalue($table) . ', ' . (int)$row['uid'] . '); return false;'; - $viewBigAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $this->getLanguageService()->getLL('showInfo', true) . '">' + $viewBigAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . htmlspecialchars($this->getLanguageService()->getLL('showInfo')) . '">' . $this->iconFactory->getIcon('actions-document-info', Icon::SIZE_SMALL)->render() . '</a>'; $this->addActionToCellGroup($cells, $viewBigAction, 'viewBig'); // "Move" wizard link for pages/tt_content elements: if ($permsEdit && ($table === 'tt_content' || $table === 'pages')) { $onClick = 'return jumpExt(' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('move_element') . '&table=' . $table . '&uid=' . $row['uid']) . ');'; - $linkTitleLL = $this->getLanguageService()->getLL('move_' . ($table === 'tt_content' ? 'record' : 'page'), true); + $linkTitleLL = htmlspecialchars($this->getLanguageService()->getLL('move_' . ($table === 'tt_content' ? 
'record' : 'page'))); $icon = ($table == 'pages' ? $this->iconFactory->getIcon('actions-page-move', Icon::SIZE_SMALL) : $this->iconFactory->getIcon('actions-document-move', Icon::SIZE_SMALL)); $moveAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $linkTitleLL . '">' . $icon->render() . '</a>'; $this->addActionToCellGroup($cells, $moveAction, 'move'); @@ -1455,7 +1455,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $moduleUrl = BackendUtility::getModuleUrl('record_history', array('element' => $table . ':' . $row['uid'])); $onClick = 'return jumpExt(' . GeneralUtility::quoteJSvalue($moduleUrl) . ',\'#latest\');'; $historyAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' - . $this->getLanguageService()->getLL('history', true) . '">' + . htmlspecialchars($this->getLanguageService()->getLL('history')) . '">' . $this->iconFactory->getIcon('actions-document-history-open', Icon::SIZE_SMALL)->render() . '</a>'; $this->addActionToCellGroup($cells, $historyAction, 'history'); // Versioning: @@ -1467,7 +1467,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList 'table' => $table, 'uid' => $row['uid'] )); $versionAction = '<a class="btn btn-default" href="' . htmlspecialchars($href) . '" title="' - . $this->getLanguageService()->getLL('displayVersions', true) . '">' + . htmlspecialchars($this->getLanguageService()->getLL('displayVersions')) . '">' . $this->iconFactory->getIcon('actions-version-page-open', Icon::SIZE_SMALL)->render() . '</a>'; $this->addActionToCellGroup($cells, $versionAction, 'version'); } 
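Review bot: The move-wizard URL in the `@@ -1431` hunk is assembled by concatenation, `getModuleUrl('move_element') . '&table=' . $table . '&uid=' . $row['uid']`, while the history link in `@@ -1455` passes its values to `getModuleUrl()` as a parameter array. `quoteJSvalue()` and `htmlspecialchars()` handle the JavaScript and HTML layers but not URL encoding, and the uid is not cast here although the launchView line just above uses `(int)$row['uid']`. Suggested: `BackendUtility::getModuleUrl('move_element', ['table' => $table, 'uid' => (int)$row['uid']])`, which presumably leaves the encoding to the helper. The permissions link in `@@ -1476` builds its href by concatenation in the same way.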
@@ -1476,7 +1476,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($table === 'pages' && $this->getBackendUserAuthentication()->check('modules', 'system_BeuserTxPermission') && ExtensionManagementUtility::isLoaded('beuser')) { $href = BackendUtility::getModuleUrl('system_BeuserTxPermission') . '&id=' . $row['uid'] . '&return_id=' . $row['uid'] . '&edit=1'; $permsAction = '<a class="btn btn-default" href="' . htmlspecialchars($href) . '" title="' - . $this->getLanguageService()->getLL('permissions', true) . '">' + . htmlspecialchars($this->getLanguageService()->getLL('permissions')) . '">' . $this->iconFactory->getIcon('status-status-locked', Icon::SIZE_SMALL)->render() . '</a>'; $this->addActionToCellGroup($cells, $permsAction, 'perms'); } @@ -1505,7 +1505,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $params = '&cmd[' . $table . '][' . $row['uid'] . '][move]=' . $this->currentTable['prev'][$row['uid']]; $moveUpAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars('return jumpToUrl(' . BackendUtility::getLinkToDataHandlerAction($params, -1) . ');') - . '" title="' . $this->getLanguageService()->getLL('moveUp', true) . '">' + . '" title="' . htmlspecialchars($this->getLanguageService()->getLL('moveUp')) . '">' . $this->iconFactory->getIcon('actions-move-up', Icon::SIZE_SMALL)->render() . '</a>'; } else { $moveUpAction = $this->spaceIcon; 
@@ -1517,7 +1517,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $params = '&cmd[' . $table . '][' . $row['uid'] . '][move]=' . $this->currentTable['next'][$row['uid']]; $moveDownAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars('return jumpToUrl(' . BackendUtility::getLinkToDataHandlerAction($params, -1) . ');') - . '" title="' . $this->getLanguageService()->getLL('moveDown', true) . '">' + . '" title="' . htmlspecialchars($this->getLanguageService()->getLL('moveDown')) . '">' . $this->iconFactory->getIcon('actions-move-down', Icon::SIZE_SMALL)->render() . '</a>'; } else { $moveDownAction = $this->spaceIcon; @@ -1535,8 +1535,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($this->isRecordCurrentBackendUser($table, $row)) { $hideAction = $this->spaceIcon; } else { - $hideTitle = $this->getLanguageService()->getLL('hide' . ($table == 'pages' ? 'Page' : ''), true); - $unhideTitle = $this->getLanguageService()->getLL('unHide' . ($table == 'pages' ? 'Page' : ''), true); + $hideTitle = htmlspecialchars($this->getLanguageService()->getLL('hide' . ($table == 'pages' ? 'Page' : ''))); + $unhideTitle = htmlspecialchars($this->getLanguageService()->getLL('unHide' . ($table == 'pages' ? 'Page' : ''))); if ($row[$hiddenField]) { $params = 'data[' . $table . '][' . $rowUid . '][' . $hiddenField . ']=0'; $hideAction = '<a class="btn btn-default t3js-record-hide" data-state="hidden" href="#"' 
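Review bot: `$hideTitle` and `$unhideTitle` in the `@@ -1535` hunk now hold HTML-escaped text, but neither their names nor a comment says so, and the markup that consumes them continues past the end of the hunk. A later `htmlspecialchars($hideTitle)` would double-escape, and any use outside an HTML context would carry entities. A short comment such as `// already HTML-escaped, for attribute output only`, or escaping at the point of output instead, would make the contract explicit. `$linkTitle` in `@@ -1580` has the same shape.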
@@ -1580,7 +1580,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $params = 'cmd[' . $table . '][' . $row['uid'] . '][delete]=1'; $icon = $this->iconFactory->getIcon('actions-edit-' . $actionName, Icon::SIZE_SMALL)->render(); - $linkTitle = $this->getLanguageService()->getLL($actionName, true); + $linkTitle = htmlspecialchars($this->getLanguageService()->getLL($actionName)); $deleteAction = '<a class="btn btn-default t3js-record-delete" href="#" ' . ' data-l10parent="' . htmlspecialchars($row['l10n_parent']) . '"' . ' data-params="' . htmlspecialchars($params) . '" data-title="' . htmlspecialchars($title) . '"' @@ -1598,7 +1598,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $params = '&cmd[' . $table . '][' . $row['uid'] . '][move]=' . -$this->id; $moveLeftAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars('return jumpToUrl(' . BackendUtility::getLinkToDataHandlerAction($params, -1) . ');') - . '" title="' . $this->getLanguageService()->getLL('prevLevel', true) . '">' + . '" title="' . htmlspecialchars($this->getLanguageService()->getLL('prevLevel')) . '">' . $this->iconFactory->getIcon('actions-move-left', Icon::SIZE_SMALL)->render() . '</a>'; $this->addActionToCellGroup($cells, $moveLeftAction, 'moveLeft'); } @@ -1609,7 +1609,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $params = '&cmd[' . $table . '][' . $row['uid'] . '][move]=' . $this->currentTable['prevUid'][$row['uid']]; $moveRightAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars('return jumpToUrl(' . BackendUtility::getLinkToDataHandlerAction($params, -1) . ');') - . '" title="' . $this->getLanguageService()->getLL('nextLevel', true) . '">' + . '" title="' . htmlspecialchars($this->getLanguageService()->getLL('nextLevel')) . '">' . $this->iconFactory->getIcon('actions-move-right', Icon::SIZE_SMALL)->render() . '</a>'; } else { $moveRightAction = $this->spaceIcon; 
@@ -1783,8 +1783,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList ? $this->spaceIcon : '<a class="btn btn-default t3js-modal-trigger"' . ' href="' . htmlspecialchars($this->clipObj->pasteUrl($table, -$row['uid'])) . '"' - . ' title="' . $this->getLanguageService()->getLL('clip_pasteAfter', true) . '"' - . ' data-title="' . $this->getLanguageService()->getLL('clip_pasteAfter', true) . '"' + . ' title="' . htmlspecialchars($this->getLanguageService()->getLL('clip_pasteAfter')) . '"' + . ' data-title="' . htmlspecialchars($this->getLanguageService()->getLL('clip_pasteAfter')) . '"' . ' data-content="' . htmlspecialchars($this->clipObj->confirmMsgText($table, $row, 'after', $elFromTable)) . '"' . ' data-severity="warning">' . $this->iconFactory->getIcon('actions-document-paste-after', Icon::SIZE_SMALL)->render() . '</a>'; @@ -1794,8 +1794,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($table == 'pages' && !empty($elFromTable)) { $cells['pasteInto'] = '<a class="btn btn-default t3js-modal-trigger"' . ' href="' . htmlspecialchars($this->clipObj->pasteUrl('', $row['uid'])) . '"' - . ' title="' . $this->getLanguageService()->getLL('clip_pasteInto', true) . '"' - . ' data-title="' . $this->getLanguageService()->getLL('clip_pasteInto', true) . '"' + . ' title="' . htmlspecialchars($this->getLanguageService()->getLL('clip_pasteInto')) . '"' + . ' data-title="' . htmlspecialchars($this->getLanguageService()->getLL('clip_pasteInto')) . '"' . ' data-content="' . htmlspecialchars($this->clipObj->confirmMsgText($table, $row, 'into', $elFromTable)) . '"' . ' data-severity="warning">' . $this->iconFactory->getIcon('actions-document-paste-into', Icon::SIZE_SMALL)->render() . '</a>'; diff --git a/typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php b/typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php index 0c76657b55eb..2fbf470b332e 100644 --- a/typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php 
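Review bot: `htmlspecialchars($this->getLanguageService()->getLL('clip_pasteAfter'))` is evaluated twice in a row, for `title` and for `data-title`, and the `@@ -1794` hunk repeats the pattern for `clip_pasteInto`. Assigning the escaped label once, e.g. `$pasteAfterTitle = htmlspecialchars($this->getLanguageService()->getLL('clip_pasteAfter'));`, and using it in both attributes keeps the two values from drifting apart and shortens the expression. The enclosing ternary starts outside the hunk.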
+++ b/typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php @@ -68,8 +68,8 @@ class FolderUtilityRenderer $markup[] = '<div class="element-browser-section element-browser-createfolder">'; $markup[] = '<form action="' . htmlspecialchars($formAction) . '" method="post" name="editform" enctype="multipart/form-data">'; - $markup[] = '<h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:create_folder.title', true) . ':</h3>'; - $markup[] = '<p><strong>' . $lang->getLL('path', true) . ':</strong>' + $markup[] = '<h3>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:create_folder.title')) . ':</h3>'; + $markup[] = '<p><strong>' . htmlspecialchars($lang->getLL('path')) . ':</strong>' . htmlspecialchars($folderObject->getIdentifier()) . '</p>'; $a = 1; @@ -136,7 +136,7 @@ class FolderUtilityRenderer $markup[] = ' <form action="' . htmlspecialchars($formAction) . '" method="post" name="editform" enctype="multipart/form-data">'; $markup[] = ' <h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.pagetitle', true) . ':</h3>'; - $markup[] = ' <p><strong>' . $lang->getLL('path', true) . ':</strong>' . htmlspecialchars($header) . '</p>'; + $markup[] = ' <p><strong>' . htmlspecialchars($lang->getLL('path')) . ':</strong>' . htmlspecialchars($header) . '</p>'; // Traverse the number of upload fields: for ($a = 1; $a <= $count; $a++) { $markup[] = '<div class="form-group">'; 
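Review bot: The `<h3>` heading in the `@@ -136` hunk still calls `$lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.pagetitle', true)`, whereas the `@@ -68` hunk in the same file moved the equivalent `sL()` call to an explicit `htmlspecialchars()`. If the second argument of `sL()` is later dropped the way it is for `getLL()` (not visible in this patch), this heading would lose its escaping silently. For consistency: `htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.pagetitle'))`. The `online_media.new_media` heading in `@@ -199` is in the same state.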
@@ -199,7 +199,7 @@ class FolderUtilityRenderer $markup[] = ' <form action="' . htmlspecialchars($formAction) . '" method="post" name="editform1" id="typo3-addMediaForm" enctype="multipart/form-data">'; $markup[] = '<h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media', true) . ':</h3>'; - $markup[] = '<p><strong>' . $lang->getLL('path', true) . ':</strong>' . htmlspecialchars($header) . '</p>'; + $markup[] = '<p><strong>' . htmlspecialchars($lang->getLL('path')) . ':</strong>' . htmlspecialchars($header) . '</p>'; $markup[] = '<div class="row form-group"><div class="col-xs-8">'; $markup[] = '<input type="hidden" name="file[newMedia][0][target]" value="' . htmlspecialchars($folderObject->getCombinedIdentifier()) . '" />'; diff --git a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php index cc43cb1fd433..49f0e906887b 100644 --- a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php +++ b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php @@ -670,7 +670,7 @@ class SetupModuleController extends AbstractModule { $languageOptions = array(); // Compile the languages dropdown - $langDefault = $this->getLanguageService()->getLL('lang_default', true); + $langDefault = htmlspecialchars($this->getLanguageService()->getLL('lang_default')); $languageOptions[$langDefault] = '<option value=""' . ($this->getBackendUser()->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>'; // Traverse the number of languages /** @var $locales \TYPO3\CMS\Core\Localization\Locales */ diff --git a/typo3/sysext/sys_action/Classes/ActionTask.php b/typo3/sysext/sys_action/Classes/ActionTask.php index 8169e2730d90..f275e93cf0db 100644 --- a/typo3/sysext/sys_action/Classes/ActionTask.php +++ b/typo3/sysext/sys_action/Classes/ActionTask.php 
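Review bot: In the SetupModuleController hunk (`@@ -670`), `$langDefault` is escaped at assignment and then used both as the `<option>` text and as the array key in `$languageOptions[$langDefault]`. With an escaped string as the key, entities such as `&amp;` take part in whatever later reads or orders the keys; that code is outside the hunk, so the effect is unconfirmed. Keeping the raw label for the key and escaping only where it enters the markup would separate the two concerns, e.g. `$label = $this->getLanguageService()->getLL('lang_default');` with `htmlspecialchars($label)` inside the `<option>` string.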
@@ -421,7 +421,7 @@ class ActionTask implements \TYPO3\CMS\Taskcenter\TaskInterface if (!empty($userList)) { $content .= '<div class="panel panel-default">'; $content .= '<div class="panel-heading">'; - $content .= '<h3 class="panel-title">' . $this->getLanguageService()->getLL('action_t1_listOfUsers', true) . '</h3>'; + $content .= '<h3 class="panel-title">' . htmlspecialchars($this->getLanguageService()->getLL('action_t1_listOfUsers')) . '</h3>'; $content .= '</div>'; $content .= '<ul class="list-group">' . implode($userList) . '</ul>'; $content .= '</div>'; @@ -448,7 +448,7 @@ class ActionTask implements \TYPO3\CMS\Taskcenter\TaskInterface $link = '<a href="' . htmlspecialchars($href) . '">' . htmlspecialchars($username) . '</a>'; // Link to delete the user record $link .= ' - <a href="' . htmlspecialchars(($href . '&delete=1')) . '" class="t3js-confirm-trigger" data-title="' . $this->getLanguageService()->getLL('lDelete_warning_title', true) . '" data-message="' . $this->getLanguageService()->getLL('lDelete_warning', true) . '">' + <a href="' . htmlspecialchars(($href . '&delete=1')) . '" class="t3js-confirm-trigger" data-title="' . htmlspecialchars($this->getLanguageService()->getLL('lDelete_warning_title')) . '" data-message="' . htmlspecialchars($this->getLanguageService()->getLL('lDelete_warning')) . '">' . $this->iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render() . '</a>'; return $link; @@ -797,7 +797,7 @@ class ActionTask implements \TYPO3\CMS\Taskcenter\TaskInterface . $this->getLanguageService()->getLL(($queryIsEmpty ? 'action_createQuery' : 'action_editQuery')) . '</a>'; } - $content .= '<h2>' . $this->getLanguageService()->getLL('action_t2_result', true) . '</h2>' . $actionContent; + $content .= '<h2>' . htmlspecialchars($this->getLanguageService()->getLL('action_t2_result')) . '</h2>' . $actionContent; } else { // Query is not configured $this->addMessage( 
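Review bot: The link text in the `@@ -797` hunk, `$this->getLanguageService()->getLL(($queryIsEmpty ? 'action_createQuery' : 'action_editQuery'))`, is still concatenated into the `<a>` element without `htmlspecialchars()`, directly above the heading this commit escapes. That call never passed the second argument, so the label was raw before the change as well. Unless these two labels are meant to carry markup, wrap the call: `htmlspecialchars($this->getLanguageService()->getLL($queryIsEmpty ? 'action_createQuery' : 'action_editQuery'))`. The statement begins outside the hunk.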
diff --git a/typo3/sysext/sys_action/Classes/Backend/ToolbarItems/ActionToolbarItem.php b/typo3/sysext/sys_action/Classes/Backend/ToolbarItems/ActionToolbarItem.php index c8faa284d92b..f0e20937097c 100644 --- a/typo3/sysext/sys_action/Classes/Backend/ToolbarItems/ActionToolbarItem.php +++ b/typo3/sysext/sys_action/Classes/Backend/ToolbarItems/ActionToolbarItem.php @@ -52,7 +52,7 @@ class ActionToolbarItem implements ToolbarItemInterface */ public function getItem() { - $title = $this->getLanguageService()->getLL('action_toolbaritem', true); + $title = htmlspecialchars($this->getLanguageService()->getLL('action_toolbaritem')); return '<span title="' . $title . '">' . $this->iconFactory->getIcon('apps-toolbar-menu-actions', Icon::SIZE_SMALL)->render('inline') . '</span>'; } diff --git a/typo3/sysext/tstemplate/Classes/Controller/TypoScriptTemplateConstantEditorModuleFunctionController.php b/typo3/sysext/tstemplate/Classes/Controller/TypoScriptTemplateConstantEditorModuleFunctionController.php index 2ccf67d89578..679f6f2a0a8d 100644 --- a/typo3/sysext/tstemplate/Classes/Controller/TypoScriptTemplateConstantEditorModuleFunctionController.php +++ b/typo3/sysext/tstemplate/Classes/Controller/TypoScriptTemplateConstantEditorModuleFunctionController.php 
@@ -153,7 +153,7 @@ class TypoScriptTemplateConstantEditorModuleFunctionController extends AbstractF // Resetting the menu (stop) $iconFactory = GeneralUtility::makeInstance(IconFactory::class); $content = $iconFactory->getIconForRecord('sys_template', $tplRow, Icon::SIZE_SMALL)->render() . '<strong>' . $this->pObj->linkWrapTemplateTitle($tplRow['title'], 'constants') . '</strong>' . (trim($tplRow['sitetitle']) ? htmlspecialchars(' (' . $tplRow['sitetitle'] . ')') : ''); - $theOutput .= '<h2>' . $lang->getLL('editConstants', true) . '</h2><div>' . $content . '</div>'; + $theOutput .= '<h2>' . htmlspecialchars($lang->getLL('editConstants')) . '</h2><div>' . $content . '</div>'; if ($manyTemplatesMenu) { $theOutput .= '<div>' . $manyTemplatesMenu . '</div>'; } @@ -162,9 +162,9 @@ class TypoScriptTemplateConstantEditorModuleFunctionController extends AbstractF $menu = '<div class="form-inline form-inline-spaced">'; $menu .= BackendUtility::getDropdownMenu($this->pObj->id, 'SET[constant_editor_cat]', $this->pObj->MOD_SETTINGS['constant_editor_cat'], $this->pObj->MOD_MENU['constant_editor_cat']); $menu .= '</div>'; - $theOutput .= '<h3>' . $lang->getLL('category', true) . '</h3><div><span class="text-nowrap">' . $menu . '</span></div>'; + $theOutput .= '<h3>' . htmlspecialchars($lang->getLL('category')) . '</h3><div><span class="text-nowrap">' . $menu . '</span></div>'; } else { - $theOutput .= '<h3>' . $iconFactory->getIcon('status-dialog-notification', Icon::SIZE_SMALL)->render() . $lang->getLL('noConstants', true) . '</h3><div>' . $lang->getLL('noConstantsDescription', true) . '</div>'; + $theOutput .= '<h3>' . $iconFactory->getIcon('status-dialog-notification', Icon::SIZE_SMALL)->render() . htmlspecialchars($lang->getLL('noConstants')) . '</h3><div>' . htmlspecialchars($lang->getLL('noConstantsDescription')) . '</div>'; } $theOutput .= '<div style="padding-top: 15px;"></div>'; // Category and constant editor config: 
diff --git a/typo3/sysext/version/Classes/Controller/VersionModuleController.php b/typo3/sysext/version/Classes/Controller/VersionModuleController.php index 462556cab83c..2148c35c668c 100644 --- a/typo3/sysext/version/Classes/Controller/VersionModuleController.php +++ b/typo3/sysext/version/Classes/Controller/VersionModuleController.php @@ -210,7 +210,7 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass $markers['CONTENT'] = $this->content; } else { // If no access or id value, create empty document - $this->content = '<h2>' . $GLOBALS['LANG']->getLL('clickAPage_header', true) . '</h2><div>' . $GLOBALS['LANG']->getLL('clickAPage_content') . '</div>'; + $this->content = '<h2>' . htmlspecialchars($GLOBALS['LANG']->getLL('clickAPage_header')) . '</h2><div>' . $GLOBALS['LANG']->getLL('clickAPage_content') . '</div>'; // Setting up the buttons and markers for docheader $docHeaderButtons = $this->getButtons(); $markers['CONTENT'] = $this->content; 
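Review bot: On the changed line only the header is escaped; `$GLOBALS['LANG']->getLL('clickAPage_content')` is still emitted raw inside the `<div>`. If that label intentionally contains markup, a comment saying so would stop it being read as an omission; otherwise it should get `htmlspecialchars()` as well. The `@@ -336` hunk has the same gap in attribute context: every `<th title="…">` except `tblHeaderDesc_t3ver_state` interpolates `getLL('tblHeaderDesc_…')` unescaped, so a double quote in a translation would end the attribute early.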
@@ -336,7 +336,7 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass <th title="' . $GLOBALS['LANG']->getLL('tblHeaderDesc_t3ver_oid') . '"><i>' . $GLOBALS['LANG']->getLL('tblHeader_t3ver_oid') . '</i></th> <th title="' . $GLOBALS['LANG']->getLL('tblHeaderDesc_t3ver_id') . '"><i>' . $GLOBALS['LANG']->getLL('tblHeader_t3ver_id') . '</i></th> <th title="' . $GLOBALS['LANG']->getLL('tblHeaderDesc_t3ver_wsid') . '"><i>' . $GLOBALS['LANG']->getLL('tblHeader_t3ver_wsid') . '</i></th> - <th title="' . $GLOBALS['LANG']->getLL('tblHeaderDesc_t3ver_state', true) . '"><i>' . $GLOBALS['LANG']->getLL('tblHeader_t3ver_state') . '</i></th> + <th title="' . htmlspecialchars($GLOBALS['LANG']->getLL('tblHeaderDesc_t3ver_state')) . '"><i>' . $GLOBALS['LANG']->getLL('tblHeader_t3ver_state') . '</i></th> <th title="' . $GLOBALS['LANG']->getLL('tblHeaderDesc_t3ver_stage') . '"><i>' . $GLOBALS['LANG']->getLL('tblHeader_t3ver_stage') . '</i></th> <th title="' . $GLOBALS['LANG']->getLL('tblHeaderDesc_t3ver_count') . '"><i>' . $GLOBALS['LANG']->getLL('tblHeader_t3ver_count') . '</i></th> <th title="' . $GLOBALS['LANG']->getLL('tblHeaderDesc_pid') . '"><i>' . $GLOBALS['LANG']->getLL('tblHeader_pid') . '</i></th> 
@@ -368,8 +368,8 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass <tr' . ($row['uid'] != $this->uid ? '' : ' class="active"') . '> <td class="col-icon">' . ($row['uid'] != $this->uid ? - '<a href="' . BackendUtility::getLinkToDataHandlerAction('&cmd[' . $this->table . '][' . $this->uid . '][version][swapWith]=' . $row['uid'] . '&cmd[' . $this->table . '][' . $this->uid . '][version][action]=swap') . '" title="' . $GLOBALS['LANG']->getLL('swapWithCurrent', true) . '">' . $this->moduleTemplate->getIconFactory()->getIcon('actions-version-swap-version', Icon::SIZE_SMALL)->render() . '</a>' : - '<span title="' . $GLOBALS['LANG']->getLL('currentOnlineVersion', true) . '">' . $this->moduleTemplate->getIconFactory()->getIcon('status-status-current', Icon::SIZE_SMALL)->render() . '</span>' + '<a href="' . BackendUtility::getLinkToDataHandlerAction('&cmd[' . $this->table . '][' . $this->uid . '][version][swapWith]=' . $row['uid'] . '&cmd[' . $this->table . '][' . $this->uid . '][version][action]=swap') . '" title="' . htmlspecialchars($GLOBALS['LANG']->getLL('swapWithCurrent')) . '">' . $this->moduleTemplate->getIconFactory()->getIcon('actions-version-swap-version', Icon::SIZE_SMALL)->render() . '</a>' : + '<span title="' . htmlspecialchars($GLOBALS['LANG']->getLL('currentOnlineVersion')) . '">' . $this->moduleTemplate->getIconFactory()->getIcon('status-status-current', Icon::SIZE_SMALL)->render() . '</span>' ) . ' </td> <td class="col-icon">' . $this->moduleTemplate->getIconFactory()->getIconForRecord($this->table, $row, Icon::SIZE_SMALL)->render() . '</td> 
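Review bot: The `href` of the swap link is filled with the bare return value of `BackendUtility::getLinkToDataHandlerAction(...)`, while the `title` next to it is escaped. The URL is built from `&`-separated parameters containing `$this->table`, `$this->uid` and `$row['uid']`, so it should pass through `htmlspecialchars()` before entering the attribute, as the `form action` value in `@@ -411` does: `'<a href="' . htmlspecialchars(BackendUtility::getLinkToDataHandlerAction(...)) . '" title="'`. Whether the helper already returns an HTML-safe string is not visible here.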
@@ -411,7 +411,7 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass </div> </div> </form>'; - $this->content .= '<h2>' . $GLOBALS['LANG']->getLL('title', true) . '</h2><div>' . $content . '</div>'; + $this->content .= '<h2>' . htmlspecialchars($GLOBALS['LANG']->getLL('title')) . '</h2><div>' . $content . '</div>'; // Create new: $content = ' <form action="' . htmlspecialchars(BackendUtility::getModuleUrl('tce_db')) . '" method="post"> @@ -432,7 +432,7 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass </form> '; - $this->content .= '<h2>' . $GLOBALS['LANG']->getLL('createNewVersion', true) . '</h2><div>' . $content . '</div>'; + $this->content .= '<h2>' . htmlspecialchars($GLOBALS['LANG']->getLL('createNewVersion')) . '</h2><div>' . $content . '</div>'; } /** -- GitLab