From cb9ce2025bf0f112d33a438df8dab3413647df5f Mon Sep 17 00:00:00 2001
From: Alexey Gafiulov <gafiulov@i-tribe.de>
Date: Tue, 10 Dec 2013 20:55:50 +0600
Subject: [PATCH] [BUGFIX] Missing encoding in flexforms IRRE javascript

encodeURIComponent is added to escape all special characters in
parameters for AJAX call.

Resolves: #54304
Releases: 6.2, 6.1, 6.0
Change-Id: I3559104e1a26241b519f40a10000637852a4f114
Reviewed-on: https://review.typo3.org/26283
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
---
 .../backend/Resources/Public/JavaScript/jsfunc.inline.js  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js b/typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js
index 37fe19b52786..9296116ce094 100644
--- a/typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js
+++ b/typo3/sysext/backend/Resources/Public/JavaScript/jsfunc.inline.js
@@ -192,12 +192,12 @@ var inline = {
 		var max, url='', urlParams='', options={};
 		if (method && params && params.length && this.lockAjaxMethod(method, lock)) {
 			url = TBE_EDITOR.getBackendPath() + 'ajax.php';
-			urlParams = '&ajaxID=t3lib_TCEforms_inline::'+method;
+			urlParams = '&ajaxID=' + encodeURIComponent('t3lib_TCEforms_inline::' + method);
 			for (var i=0, max=params.length; i<max; i++) {
-				urlParams += '&ajax['+i+']='+params[i];
+				urlParams += '&ajax[' + i + ']=' + encodeURIComponent(params[i]);
 			}
 			if (context) {
-				urlParams += '&ajax[context]=' + Object.toJSON(context);
+				urlParams += '&ajax[context]=' + encodeURIComponent(Object.toJSON(context));
 			}
 			options = {
 				method:		'post',
@@ -1261,4 +1261,4 @@ Object.extend(Array.prototype, {
 	$(function() {
 		$(document).delegate('div.t3-form-field-header-inline', 'click', inline.toggleEvent);
 	});
-})(TYPO3.jQuery);
\ No newline at end of file
+})(TYPO3.jQuery);
-- 
GitLab