diff --git a/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php b/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php
index 08246c09409cce1f2bbdac5fbf37c32b258d3f3a..7cf137e0648de09b8cf26a46fe3e95fa075c1c48 100644
--- a/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php
+++ b/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php
@@ -171,14 +171,11 @@ abstract class AbstractLinkBrowserController
 $options = '';
 foreach ($menuData as $id => $def) {
- $class = $def['isActive'] ? 'active' : '';
- $label = $def['label'];
- $url = htmlspecialchars($def['url']);
- $params = $def['addParams'];
-
- $options .= '<li class="' . $class . '">' . '<a href="' . $url . '" ' . $params . '>' . $label . '</a>' . '</li>';
+ $class = $def['isActive'] ? ' class="active"' : '';
+
+ $options .= '<li' . $class . '>' . '<a href="' . htmlspecialchars($def['url']) . '" ' . $def['addParams'] . '>' . htmlspecialchars($def['label']) . '</a>' . '</li>';
 }
 $content .= '<div class="element-browser-panel element-browser-tabs"><ul class="nav nav-tabs" role="tablist">' .
@@ -381,7 +378,7 @@ abstract class AbstractLinkBrowserController
 $addParams = $configuration['addParams'];
 } else {
 $parameters = GeneralUtility::implodeArrayForUrl('', $this->getUrlParameters(['act' => $identifier]));
- $addParams = 'onclick="jumpToUrl(' . GeneralUtility::quoteJSvalue('?' . ltrim($parameters, '&')) . ');return false;"';
+ $addParams = 'onclick="jumpToUrl(' . htmlspecialchars(GeneralUtility::quoteJSvalue('?' . ltrim($parameters, '&'))) . ');return false;"';
 }
 $menuDef[$identifier] = [
 'isActive' => $isActive,
diff --git a/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php b/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php
index 15f6a6e0e11705adea6ee559640087dc5d68e60f..87497311068627059401fc62ed382c46272e2d90 100644
--- a/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php
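Review bot: In the first hunk `$def['addParams']` is still emitted raw into the `<a>` tag while `url` and `label` now go through `htmlspecialchars()`, so the escaping contract of that field is implicit; in the second hunk the `else` branch now produces an attribute-safe value via `htmlspecialchars(GeneralUtility::quoteJSvalue(...))`, but the `if` branch passes `$configuration['addParams']` through untouched, so the two producers have different guarantees. Both places should state the contract, e.g. `// addParams is raw attribute markup and must already be HTML-escaped by its producer` above the `$options .=` line, and `// addParams from configuration is trusted as pre-escaped attribute markup` at the `$configuration['addParams']` assignment. If that configuration value can be set by editors rather than integrators, escape it at the producer instead of documenting the trust. The enclosing methods of both hunks start and end outside the hunks.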
+++ b/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php
@@ -110,7 +110,7 @@ class PageLinkHandler extends AbstractLinkHandler implements LinkHandlerInterfac
 $lang = $this->getLanguageService();
 $titleLen = (int)$this->getBackendUser()->uc['titleLen'];
- $id = $this->linkParts['url']['pageuid'];
+ $id = (int)$this->linkParts['url']['pageuid'];
 $pageRow = BackendUtility::getRecordWSOL('pages', $id);
 return htmlspecialchars($lang->getLL('page'))
diff --git a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
index ae03dfd2c240b84701ef3e8732dbe109031cac9f..9609ca81ecb3630f38b86f95aacdcaf8734f86aa 100644
--- a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
+++ b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
@@ -1827,8 +1827,8 @@ class DatabaseRecordList
 }
 $pageNumberInput = '
 <input type="number" min="1" max="' . $totalPages . '" value="' . $currentPage . '" size="3" class="form-control input-sm paginator-input" id="jumpPage-' . $renderPart . '" name="jumpPage-'
- . $renderPart . '" onkeyup="if (event.keyCode == 13) { document.dblistForm.action=' . GeneralUtility::quoteJSvalue($listURL
- . '&pointer=') . '+calculatePointer(this.value); document.dblistForm.submit(); } return true;" />
+ . $renderPart . '" onkeyup="if (event.keyCode == 13) { document.dblistForm.action=' . htmlspecialchars(GeneralUtility::quoteJSvalue($listURL . '&pointer='))
+ . '+calculatePointer(this.value); document.dblistForm.submit(); } return true;" />
 ';
 $pageIndicatorText = sprintf(
 $this->getLanguageService()->sL('LLL:EXT:lang/Resources/Private/Language/locallang_mod_web_list.xlf:pageIndicator'),
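Review bot: In the DatabaseRecordList hunk only the `$listURL` part of the `onkeyup` attribute gained `htmlspecialchars()`, while `$renderPart` is concatenated into the `id`/`name` attributes and into the new `+` line unescaped, and `$totalPages`/`$currentPage` go into `max`/`value` raw on the adjacent context line. Applying the hardening uniformly would be `(int)$totalPages`, `(int)$currentPage` and `htmlspecialchars($renderPart)`, or, if `$renderPart` is a fixed internal marker, a one-line comment saying so where the input is built. The `htmlspecialchars(GeneralUtility::quoteJSvalue(...))` pairing now appears here and twice in AbstractLinkBrowserController; a small named helper would keep the JS-in-attribute escaping in one place. The enclosing method starts and ends outside the hunk.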
@@ -3548,7 +3548,7 @@ class DatabaseRecordList
 case 'info':
 // "Info": (All records)
 $code = '<a href="#" onclick="' . htmlspecialchars(
- ('top.launchView(\'' . $table . '\', \'' . $row['uid'] . '\'); return false;')
+ ('top.launchView(' . GeneralUtility::quoteJSvalue($table) . ', ' . (int)$row['uid'] . '); return false;')
 ) . '" title="' . htmlspecialchars($lang->getLL('showInfo')) . '">' . $code . '</a>';
 break;
 default:
@@ -3556,7 +3556,7 @@ class DatabaseRecordList
 if ($table === 'pages') {
 $code = '<a href="' . htmlspecialchars(
 $this->listURL($uid, '', 'firstElementNumber')
- ) . '" onclick="setHighlight(' . $uid . ')">' . $code . '</a>';
+ ) . '" onclick="setHighlight(' . (int)$uid . ')">' . $code . '</a>';
 } else {
 $code = $this->linkUrlMail($code, $origCode);
 }
diff --git a/typo3/sysext/recordlist/Classes/Tree/View/ElementBrowserPageTreeView.php b/typo3/sysext/recordlist/Classes/Tree/View/ElementBrowserPageTreeView.php
index 7f6ad5a26c5ecd82687da2092dcb84d531c67b7f..5f558ef666ce953525dbde460cece5c72e977311 100644
--- a/typo3/sysext/recordlist/Classes/Tree/View/ElementBrowserPageTreeView.php
+++ b/typo3/sysext/recordlist/Classes/Tree/View/ElementBrowserPageTreeView.php
@@ -38,10 +38,10 @@ class ElementBrowserPageTreeView extends \TYPO3\CMS\Backend\Tree\View\ElementBro
 /**
 * Wrapping the title in a link, if applicable.
 *
- * @param string $title Title, ready for output.
+ * @param string $title Title, ready for output (already html-escaped)
 * @param array $v The record
 * @param bool $ext_pArrPages If set, pages clicked will return immediately, otherwise reload page.
- * @return string Wrapping title string.
+ * @return string Wrapped title string
 */
 public function wrapTitle($title, $v, $ext_pArrPages = false)
 {