From ca91b4cff3cddf6da5d107f4a30efe2ab8d11b5c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stephan=20Gro=C3=9Fberndt?= <stephan@grossberndt.de>
Date: Sat, 16 Dec 2017 14:10:40 +0100
Subject: [PATCH] [BUGFIX] Add missing htmlspecialchars() and cleanup in EXT:recordlist

Add missing htmlspecialchars() calls in EXT:recordlist and do cleanup.

Resolves: #83358
Releases: master, 8.7
Change-Id: If441da15bd0b37ca94121b3787457dddde9380bf
Reviewed-on: https://review.typo3.org/55117
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
---
 .../Controller/AbstractLinkBrowserController.php | 15 ++++++---------
 .../Classes/LinkHandler/PageLinkHandler.php | 2 +-
 .../Classes/RecordList/DatabaseRecordList.php | 8 ++++----
 .../Tree/View/ElementBrowserPageTreeView.php | 4 ++--
 4 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php b/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php
index 08246c09409c..7cf137e0648d 100644
--- a/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php
+++ b/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php
@@ -171,14 +171,11 @@ abstract class AbstractLinkBrowserController
 $options = '';
 foreach ($menuData as $id => $def) {
- $class = $def['isActive'] ? 'active' : '';
- $label = $def['label'];
- $url = htmlspecialchars($def['url']);
- $params = $def['addParams'];
-
- $options .= '<li class="' . $class . '">' . '<a href="' . $url . '" ' . $params . '>' . $label . '</a>' . '</li>';
+ $class = $def['isActive'] ? ' class="active"' : '';
+
+ $options .= '<li' . $class . '>' . '<a href="' . htmlspecialchars($def['url']) . '" ' . $def['addParams'] . '>' . htmlspecialchars($def['label']) . '</a>' . '</li>';
 }
 $content .= '<div class="element-browser-panel element-browser-tabs"><ul class="nav nav-tabs" role="tablist">' .
@@ -381,7 +378,7 @@ abstract class AbstractLinkBrowserController
 $addParams = $configuration['addParams'];
 } else {
 $parameters = GeneralUtility::implodeArrayForUrl('', $this->getUrlParameters(['act' => $identifier]));
- $addParams = 'onclick="jumpToUrl(' . GeneralUtility::quoteJSvalue('?' . ltrim($parameters, '&')) . ');return false;"';
+ $addParams = 'onclick="jumpToUrl(' . htmlspecialchars(GeneralUtility::quoteJSvalue('?' . ltrim($parameters, '&'))) . ');return false;"';
 }
 $menuDef[$identifier] = [
 'isActive' => $isActive,
diff --git a/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php b/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php
index 15f6a6e0e117..874973110686 100644
--- a/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php
+++ b/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php
@@ -110,7 +110,7 @@ class PageLinkHandler extends AbstractLinkHandler implements LinkHandlerInterfac
 $lang = $this->getLanguageService();
 $titleLen = (int)$this->getBackendUser()->uc['titleLen'];
- $id = $this->linkParts['url']['pageuid'];
+ $id = (int)$this->linkParts['url']['pageuid'];
 $pageRow = BackendUtility::getRecordWSOL('pages', $id);
 return htmlspecialchars($lang->getLL('page'))
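Review bot: `$def['addParams']` is the one value in the rebuilt `<a>` markup that still goes in unescaped on the added line, while `url` and `label` now pass through htmlspecialchars(); that asymmetry is only sound because addParams is pre-built attribute markup rather than a value, as the hunk at line 378 below shows (it is either taken from `$configuration['addParams']` or assembled around an htmlspecialchars()-wrapped onclick). A comment on the added line would stop the next maintainer from "fixing" it, e.g. `// addParams is attribute markup built by the menu definition and must arrive escaped; url and label are values escaped here`. The `$configuration['addParams']` branch is only as safe as its configuration source, which this hunk cannot show. The enclosing method starts and ends outside the hunk.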
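Review bot: The added onclick line nests three calls in one expression and runs well past 120 characters; splitting it keeps the escaping order visible: `$jumpUrl = GeneralUtility::quoteJSvalue('?' . ltrim($parameters, '&'));` followed by `$addParams = 'onclick="jumpToUrl(' . htmlspecialchars($jumpUrl) . ');return false;"';`. The order is the point of the fix — the JavaScript string is quoted first and the attribute value escaped last — so a short comment such as `// JS-quote first, then escape for the attribute context` would pin why htmlspecialchars() is the outermost call. The enclosing method starts and ends outside the hunk.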
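Review bot: The new `(int)` cast on `$id` is undocumented as to what it does with malformed input: a non-numeric `pageuid` from the parsed link becomes 0, and `BackendUtility::getRecordWSOL('pages', 0)` on the next line then presumably returns no record, which the return expression beginning on the hunk's last line (it continues outside the hunk) has to tolerate. A comment such as `// non-numeric pageuid casts to 0 and yields no page row; callers supply the uid from the parsed link` would make the intent explicit; whether the caller already guarantees a numeric value cannot be seen here.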
diff --git a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
index ae03dfd2c240..9609ca81ecb3 100644
--- a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
+++ b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
@@ -1827,8 +1827,8 @@ class DatabaseRecordList
 }
 $pageNumberInput = '
 <input type="number" min="1" max="' . $totalPages . '" value="' . $currentPage . '" size="3" class="form-control input-sm paginator-input" id="jumpPage-' . $renderPart . '" name="jumpPage-'
- . $renderPart . '" onkeyup="if (event.keyCode == 13) { document.dblistForm.action=' . GeneralUtility::quoteJSvalue($listURL . '&pointer=') . '+calculatePointer(this.value); document.dblistForm.submit(); } return true;" />
+ . $renderPart . '" onkeyup="if (event.keyCode == 13) { document.dblistForm.action=' . htmlspecialchars(GeneralUtility::quoteJSvalue($listURL . '&pointer='))
+ . '+calculatePointer(this.value); document.dblistForm.submit(); } return true;" />
 ';
 $pageIndicatorText = sprintf(
 $this->getLanguageService()->sL('LLL:EXT:lang/Resources/Private/Language/locallang_mod_web_list.xlf:pageIndicator'),
@@ -3548,7 +3548,7 @@ class DatabaseRecordList
 case 'info':
 // "Info": (All records)
 $code = '<a href="#" onclick="' . htmlspecialchars(
- ('top.launchView(\'' . $table . '\', \'' . $row['uid'] . '\'); return false;')
+ ('top.launchView(' . GeneralUtility::quoteJSvalue($table) . ', ' . (int)$row['uid'] . '); return false;')
 ) . '" title="' . htmlspecialchars($lang->getLL('showInfo')) . '">' . $code . '</a>';
 break;
 default:
@@ -3556,7 +3556,7 @@ class DatabaseRecordList
 if ($table === 'pages') {
 $code = '<a href="' . htmlspecialchars(
 $this->listURL($uid, '', 'firstElementNumber')
- ) . '" onclick="setHighlight(' . $uid . ')">' . $code . '</a>';
+ ) . '" onclick="setHighlight(' . (int)$uid . ')">' . $code . '</a>';
 } else {
 $code = $this->linkUrlMail($code, $origCode);
 }
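Review bot: `$renderPart` is concatenated into the `id` and `name` attributes on the context line and on the first added line without htmlspecialchars(), while only the quoteJSvalue() output gained attribute escaping; whether `$renderPart` is a fixed internal marker or a caller-supplied string cannot be seen from the hunk. If it can carry arbitrary text, `htmlspecialchars($renderPart)` at both insertion points closes the gap; if it is fixed, a comment such as `// $renderPart is an internal position marker, not user input` records why it is left raw. The same question applies to `$totalPages` and `$currentPage` in the `max` and `value` attributes unless they are already integers at this point. The enclosing method starts and ends outside the hunk.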
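Review bot: The added line keeps the redundant parentheses around the whole concatenation inside htmlspecialchars(); now that the string is assembled from `GeneralUtility::quoteJSvalue($table)` and `(int)$row['uid']` they add nothing, and `htmlspecialchars('top.launchView(' . GeneralUtility::quoteJSvalue($table) . ', ' . (int)$row['uid'] . '); return false;')` reads cleaner. The layering itself is right — quoteJSvalue() covers the JavaScript string context, htmlspecialchars() the attribute context, and the integer cast lets the uid go in unquoted — and a one-line comment naming those two contexts would help the next reader. The `(int)$uid` in the hunk at line 3556 below relies on the same reasoning and would benefit from the same comment. The enclosing switch begins before the hunk.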
diff --git a/typo3/sysext/recordlist/Classes/Tree/View/ElementBrowserPageTreeView.php b/typo3/sysext/recordlist/Classes/Tree/View/ElementBrowserPageTreeView.php
index 7f6ad5a26c5e..5f558ef666ce 100644
--- a/typo3/sysext/recordlist/Classes/Tree/View/ElementBrowserPageTreeView.php
+++ b/typo3/sysext/recordlist/Classes/Tree/View/ElementBrowserPageTreeView.php
@@ -38,10 +38,10 @@ class ElementBrowserPageTreeView extends \TYPO3\CMS\Backend\Tree\View\ElementBro
 /**
 * Wrapping the title in a link, if applicable.
 *
- * @param string $title Title, ready for output.
+ * @param string $title Title, ready for output (already html-escaped)
 * @param array $v The record
 * @param bool $ext_pArrPages If set, pages clicked will return immediately, otherwise reload page.
- * @return string Wrapping title string.
+ * @return string Wrapped title string
 */
 public function wrapTitle($title, $v, $ext_pArrPages = false)
 {
-- 
GitLab