diff --git a/typo3/sysext/backend/Classes/ContextMenu/AbstractContextMenuDataProvider.php b/typo3/sysext/backend/Classes/ContextMenu/AbstractContextMenuDataProvider.php index 047305314754303876a0393e30e856390520741b..384ec66cb79f7b449fc36537fed911a8188ad080 100644 --- a/typo3/sysext/backend/Classes/ContextMenu/AbstractContextMenuDataProvider.php +++ b/typo3/sysext/backend/Classes/ContextMenu/AbstractContextMenuDataProvider.php @@ -185,7 +185,7 @@ abstract class AbstractContextMenuDataProvider unset($action); continue; } - $label = $this->getLanguageService()->sL($actionConfiguration['label'], true); + $label = htmlspecialchars($this->getLanguageService()->sL($actionConfiguration['label'])); if ($type === 'SUBMENU') { $action->setType('submenu'); $action->setChildActions($this->getNextContextMenuLevel($actionConfiguration, $node, $level + 1)); diff --git a/typo3/sysext/backend/Classes/Controller/EditDocumentController.php b/typo3/sysext/backend/Classes/Controller/EditDocumentController.php index dd31b09dea1dcf21a898ab7bd8da68bd7a0f8574..48c054e0d2883a928982e0740f6e51e9219eea41 100644 --- a/typo3/sysext/backend/Classes/Controller/EditDocumentController.php +++ b/typo3/sysext/backend/Classes/Controller/EditDocumentController.php @@ -1168,7 +1168,7 @@ class EditDocumentController extends AbstractModule // Create message from exception. $message = $e->getMessage() . ' ' . $e->getCode(); } - $editForm .= $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.noEditPermission', true) + $editForm .= htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.noEditPermission')) . '<br /><br />' . htmlspecialchars($message) . '<br /><br />'; } } // End of for each uid 
@@ -1576,7 +1576,7 @@ class EditDocumentController extends AbstractModule )); foreach ($langRows as $lang) { if ($this->getBackendUser()->checkLanguageAccess($lang['uid'])) { - $newTranslation = isset($rowsByLang[$lang['uid']]) ? '' : ' [' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.new', true) . ']'; + $newTranslation = isset($rowsByLang[$lang['uid']]) ? '' : ' [' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.new')) . ']'; // Create url for creating a localized record if ($newTranslation) { $redirectUrl = BackendUtility::getModuleUrl('record_edit', array( diff --git a/typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php b/typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php index 87ef805aaaaa25fe757ad3ba1acebbd4b76d2683..50208c5f0dbcd128e94db7c86611550d3bc4a2c6 100644 --- a/typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php +++ b/typo3/sysext/backend/Classes/Controller/File/CreateFolderController.php @@ -107,8 +107,8 @@ class CreateFolderController extends AbstractModule } // Cleaning and checking target directory if (!$this->folderObject) { - $title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', true); - $message = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', true); + $title = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError')); + $message = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir')); throw new \RuntimeException($title . ': ' . $message, 1294586845); } if ($this->folderObject->getStorage()->getUid() === 0) { 
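Review bot: In the CreateFolderController `!$this->folderObject` guard, `$title` and `$message` are HTML-encoded and then concatenated into a `\RuntimeException` message, which is not an HTML context. Whatever renders or logs the exception has to encode for its own sink, so pre-encoding here risks double-encoded text on the error page and entity noise in logs. I would pass the raw labels, e.g. `$title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError');`, and leave the encoding to the exception handler. The same pattern is in the equivalent guards of FileUploadController, RenameFileController and ReplaceFileController; all four enclosing methods start outside their hunks.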
@@ -207,13 +207,13 @@ class CreateFolderController extends AbstractModule // Making submit button for folder creation: $code .= ' </div><div class="form-group"> - <input class="btn btn-default" type="submit" value="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.submit', true) . '" /> + <input class="btn btn-default" type="submit" value="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.submit')) . '" /> <input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" /> </div> '; // Switching form tags: - $pageContent .= '<h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfolders', true) . '</h3>'; + $pageContent .= '<h3>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfolders')) . '</h3>'; $pageContent .= '<div>' . $code . '</form></div>'; } 
@@ -232,14 +232,14 @@ class CreateFolderController extends AbstractModule <div class="form-group"> <div class="form-section"> <div class="form-group"> - <label for="newMedia">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.label', true) . '</label> ' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newMedia') . ' + <label for="newMedia">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.label')) . '</label> ' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newMedia') . ' <div class="form-control-wrap"> <input class="form-control" type="text" id="newMedia" name="file[newMedia][0][url]" - placeholder="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.placeholder', true) . '" /> + placeholder="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.placeholder')) . '" /> <input type="hidden" name="file[newMedia][0][target]" value="' . htmlspecialchars($this->target) . '" /> </div> <div class="help-block"> - ' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.allowedProviders', true) . '<br> + ' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.allowedProviders')) . '<br> ' . implode(' ', $fileExtList) . ' </div> </div> 
@@ -249,11 +249,11 @@ class CreateFolderController extends AbstractModule // Submit button for creation of a new media: $code .= ' <div class="form-group"> - <input class="btn btn-default" type="submit" value="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.submit', true) . '" /> + <input class="btn btn-default" type="submit" value="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.submit')) . '" /> <input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" /> </div> '; - $pageContent .= '<h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media', true) . '</h3>'; + $pageContent .= '<h3>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media')) . '</h3>'; $pageContent .= '<div>' . $code . '</div>'; $pageContent .= '</form>'; @@ -271,13 +271,13 @@ class CreateFolderController extends AbstractModule <div class="form-group"> <div class="form-section"> <div class="form-group"> - <label for="newfile">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.label_newfile', true) . '</label> ' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newfile') . ' + <label for="newfile">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.label_newfile')) . '</label> ' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newfile') . ' <div class="form-control-wrap"> <input class="form-control" type="text" id="newfile" name="file[newfile][0][data]" onchange="changed=true;" /> <input type="hidden" name="file[newfile][0][target]" value="' . htmlspecialchars($this->target) . '" /> </div> <div class="help-block"> - ' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions', true) . '<br> + ' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions')) . '<br> ' . implode(' ', $fileExtList) . ' </div> </div> 
@@ -287,11 +287,11 @@ class CreateFolderController extends AbstractModule // Submit button for "creation of a new file": $code .= ' <div class="form-group"> - <button class="btn btn-default" name="edit" type="submit" value="1">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile_submit', true) . '</button> + <button class="btn btn-default" name="edit" type="submit" value="1">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile_submit')) . '</button> <input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" /> </div> '; - $pageContent .= '<h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile', true) . '</h3>'; + $pageContent .= '<h3>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile')) . '</h3>'; $pageContent .= '<div>' . $code . '</div>'; $pageContent .= '</form>'; } diff --git a/typo3/sysext/backend/Classes/Controller/File/FileUploadController.php b/typo3/sysext/backend/Classes/Controller/File/FileUploadController.php index 7b38469c17287c4918ea8e3348378fd5f6dc79ee..4ca56195e147696f59b1ec302ada9b60cee953d6 100644 --- a/typo3/sysext/backend/Classes/Controller/File/FileUploadController.php +++ b/typo3/sysext/backend/Classes/Controller/File/FileUploadController.php @@ -103,8 +103,8 @@ class FileUploadController extends AbstractModule // Cleaning and checking target directory if (!$this->folderObject) { - $title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', true); - $message = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', true); + $title = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError')); + $message = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir')); throw new \RuntimeException($title . ': ' . $message, 1294586843); } 
@@ -192,7 +192,7 @@ class FileUploadController extends AbstractModule $content .= ' <div id="c-submit"> <input type="hidden" name="redirect" value="' . $this->returnUrl . '" /><br /> - <input class="btn btn-default" type="submit" value="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.submit', true) . '" /> + <input class="btn btn-default" type="submit" value="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.submit')) . '" /> </div> '; return $content; diff --git a/typo3/sysext/backend/Classes/Controller/File/RenameFileController.php b/typo3/sysext/backend/Classes/Controller/File/RenameFileController.php index 56d42526f0beac026aba62aff4d6c17719264873..99190f010a7e4e3090a1994dd341cfc212224494 100644 --- a/typo3/sysext/backend/Classes/Controller/File/RenameFileController.php +++ b/typo3/sysext/backend/Classes/Controller/File/RenameFileController.php @@ -88,8 +88,8 @@ class RenameFileController extends AbstractModule $this->fileOrFolderObject = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->retrieveFileOrFolderObject($this->target); } if (!$this->fileOrFolderObject) { - $title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', true); - $message = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', true); + $title = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError')); + $message = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir')); throw new \RuntimeException($title . ': ' . $message, 1294586844); } if ($this->fileOrFolderObject->getStorage()->getUid() === 0) { 
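Review bot: In the FileUploadController hunk, the hidden `redirect` field directly above the changed submit button still writes `$this->returnUrl` into a double-quoted attribute without encoding. Every other controller in this commit emits the same field as `value="' . htmlspecialchars($this->returnUrl) . '"`. Where `returnUrl` is assigned is outside the hunk, so it may already be restricted to local URLs, but that is not a substitute for attribute encoding; I would change the line to `<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" /><br />`.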
@@ -151,9 +151,9 @@ class RenameFileController extends AbstractModule $pageContent .= ' <div class="form-group"> <input class="btn btn-primary" type="submit" value="' . - $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_rename.php.submit', true) . '" /> + htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:file_rename.php.submit')) . '" /> <input class="btn btn-danger" type="submit" value="' . - $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel', true) . + htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel')) . '" onclick="backToList(); return false;" /> <input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" /> </div> diff --git a/typo3/sysext/backend/Classes/Controller/File/ReplaceFileController.php b/typo3/sysext/backend/Classes/Controller/File/ReplaceFileController.php index de654d78e7868533e98c736b43b3f4c8e33b5a02..3574e01412fddbcd5c3d9a315daab013fbc4f208 100644 --- a/typo3/sysext/backend/Classes/Controller/File/ReplaceFileController.php +++ b/typo3/sysext/backend/Classes/Controller/File/ReplaceFileController.php @@ -104,8 +104,8 @@ class ReplaceFileController extends AbstractModule ->retrieveFileOrFolderObject('file:' . $this->uid); } if (!$this->fileOrFolderObject) { - $title = $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', true); - $message = $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', true); + $title = htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError')); + $message = htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir')); throw new \RuntimeException($title . ': ' . $message, 1436895930); } if ($this->fileOrFolderObject->getStorage()->getUid() === 0) { 
@@ -187,9 +187,9 @@ class ReplaceFileController extends AbstractModule $code .= ' <div class="form-group"> <input class="btn btn-primary" type="submit" value="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_replace.php.submit', true) . '" /> + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_replace.php.submit')) . '" /> <input class="btn btn-danger" type="submit" value="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel', true) + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel')) . '" onclick="backToList(); return false;" /> <input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" /> </div> diff --git a/typo3/sysext/backend/Classes/Controller/NewRecordController.php b/typo3/sysext/backend/Classes/Controller/NewRecordController.php index d6c5cef3fd392c824a5ed09adb94f4e28e3e027a..c36eb2c522d02a72039abfef0132a520b655a4a5 100644 --- a/typo3/sysext/backend/Classes/Controller/NewRecordController.php +++ b/typo3/sysext/backend/Classes/Controller/NewRecordController.php 
@@ -451,11 +451,11 @@ class NewRecordController extends AbstractModule $newPageLinks = array(); if ($displayNewPagesIntoLink && $this->isTableAllowedForThisPage($this->pageinfo, 'pages') && $this->getBackendUserAuthentication()->check('tables_modify', 'pages') && $this->getBackendUserAuthentication()->workspaceCreateNewRecord(($this->pageinfo['_ORIG_uid'] ?: $this->id), 'pages')) { // Create link to new page inside: - $newPageLinks[] = $this->linkWrap($this->moduleTemplate->getIconFactory()->getIconForRecord($table, array(), Icon::SIZE_SMALL)->render() . $lang->sL($v['ctrl']['title'], true) . ' (' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.inside', true) . ')', $table, $this->id); + $newPageLinks[] = $this->linkWrap($this->moduleTemplate->getIconFactory()->getIconForRecord($table, array(), Icon::SIZE_SMALL)->render() . htmlspecialchars($lang->sL($v['ctrl']['title'])) . ' (' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.inside')) . ')', $table, $this->id); } // New pages AFTER this pages if ($displayNewPagesAfterLink && $this->isTableAllowedForThisPage($this->pidInfo, 'pages') && $this->getBackendUserAuthentication()->check('tables_modify', 'pages') && $this->getBackendUserAuthentication()->workspaceCreateNewRecord($this->pidInfo['uid'], 'pages')) { - $newPageLinks[] = $this->linkWrap($pageIcon . $lang->sL($v['ctrl']['title'], true) . ' (' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.after', true) . ')', 'pages', -$this->id); + $newPageLinks[] = $this->linkWrap($pageIcon . htmlspecialchars($lang->sL($v['ctrl']['title'])) . ' (' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:db_new.php.after')) . ')', 'pages', -$this->id); } // New pages at selection position if ($this->newPagesSelectPosition && $this->showNewRecLink('pages')) { 
@@ -494,7 +494,7 @@ class NewRecordController extends AbstractModule $rowContent = ''; $thisTitle = ''; // Create new link for record: - $newLink = $this->linkWrap($newRecordIcon . $lang->sL($v['ctrl']['title'], true), $table, $this->id); + $newLink = $this->linkWrap($newRecordIcon . htmlspecialchars($lang->sL($v['ctrl']['title'])), $table, $this->id); // If the table is 'tt_content', create link to wizard if ($table == 'tt_content') { $groupName = $lang->getLL('createNewContent'); diff --git a/typo3/sysext/backend/Classes/Controller/PageLayoutController.php b/typo3/sysext/backend/Classes/Controller/PageLayoutController.php index 0db89a5454ab23a8c120c7138a125d403fb96d78..f863ae6049c603b813f9b32da2e764fc27643fe8 100755 --- a/typo3/sysext/backend/Classes/Controller/PageLayoutController.php +++ b/typo3/sysext/backend/Classes/Controller/PageLayoutController.php @@ -1493,7 +1493,7 @@ class PageLayoutController ->setHref('#'); $quickEditMenu->addMenuItem($menuItem); $menuItem = $quickEditMenu->makeMenuItem() - ->setTitle('__' . $lang->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $colPos), true) . ':__') + ->setTitle('__' . htmlspecialchars($lang->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $colPos))) . ':__') ->setHref(BackendUtility::getModuleUrl($this->moduleName) . '&id=' . $this->id . '&edit_record=_EDIT_COL:' . $colPos . $retUrlStr); $quickEditMenu->addMenuItem($menuItem); } @@ -1545,7 +1545,7 @@ class PageLayoutController $lang = $this->getLanguageService(); $languageMenu = $this->moduleTemplate->getDocHeaderComponent()->getMenuRegistry()->makeMenu(); $languageMenu->setIdentifier('languageMenu'); - $languageMenu->setLabel($lang->sL('LLL:EXT:lang/locallang_general.xlf:LGL.language', true)); + $languageMenu->setLabel(htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_general.xlf:LGL.language'))); foreach ($this->MOD_MENU['language'] as $key => $language) { $menuItem = $languageMenu ->makeMenuItem() 
diff --git a/typo3/sysext/backend/Classes/Template/DocumentTemplate.php b/typo3/sysext/backend/Classes/Template/DocumentTemplate.php index 54c9ed108f288ed5b057d1ade07e3c140e49f6c6..b55ec7e1652b4ad1cd97e9e3d8da0228985bc169 100644 --- a/typo3/sysext/backend/Classes/Template/DocumentTemplate.php +++ b/typo3/sysext/backend/Classes/Template/DocumentTemplate.php @@ -479,7 +479,7 @@ function jumpToUrl(URL) { ', ' . $url . ', ' . $confirmationText . ', ' . $motherModule . ', this);return false;'; return '<a href="#" class="' . htmlspecialchars($classes) . '" onclick="' . htmlspecialchars($onClick) . '" title="' . - $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark', true) . '">' . + htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark')) . '">' . $this->iconFactory->getIcon('actions-system-shortcut-new', Icon::SIZE_SMALL)->render() . '</a>'; } @@ -1440,7 +1440,7 @@ function jumpToUrl(URL) { $title = ''; } // Setting the path of the page - $pagePath = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.path', true) . ': <span class="typo3-docheader-pagePath">'; + $pagePath = htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.path')) . ': <span class="typo3-docheader-pagePath">'; // crop the title to title limit (or 50, if not defined) $cropLength = empty($GLOBALS['BE_USER']->uc['titleLen']) ? 50 : $GLOBALS['BE_USER']->uc['titleLen']; $croppedTitle = GeneralUtility::fixed_lgd_cs($title, -$cropLength); diff --git a/typo3/sysext/backend/Classes/Template/ModuleTemplate.php b/typo3/sysext/backend/Classes/Template/ModuleTemplate.php index 10c4c6bb23c8c51e0bc841382708e8b9b07703e4..5a5964487980fcfb3d5b46170bb813a9c4d17d8f 100644 --- a/typo3/sysext/backend/Classes/Template/ModuleTemplate.php +++ b/typo3/sysext/backend/Classes/Template/ModuleTemplate.php 
@@ -548,7 +548,7 @@ class ModuleTemplate ', ' . $url . ', ' . $confirmationText . ', ' . $motherModule . ', this, ' . GeneralUtility::quoteJSvalue($displayName) . ');return false;'; return '<a href="#" class="' . htmlspecialchars($classes) . '" onclick="' . htmlspecialchars($onClick) . '" title="' . - $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark', true) . '">' . + htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark')) . '">' . $this->iconFactory->getIcon('actions-system-shortcut-new', Icon::SIZE_SMALL)->render() . '</a>'; } diff --git a/typo3/sysext/backend/Classes/Utility/BackendUtility.php b/typo3/sysext/backend/Classes/Utility/BackendUtility.php index 38edb6660cd654bed2c55d8b07274cca20fbd5e0..5150d2b082e0cfa401679838065159563668a230 100755 --- a/typo3/sysext/backend/Classes/Utility/BackendUtility.php +++ b/typo3/sysext/backend/Classes/Utility/BackendUtility.php @@ -1955,7 +1955,7 @@ class BackendUtility */ public static function getNoRecordTitle($prep = false) { - $noTitle = '[' . static::getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title', true) . ']'; + $noTitle = '[' . htmlspecialchars(static::getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title')) . ']'; if ($prep) { $noTitle = '<em>' . $noTitle . '</em>'; } diff --git a/typo3/sysext/frontend/Classes/Controller/TranslationStatusController.php b/typo3/sysext/frontend/Classes/Controller/TranslationStatusController.php index b46f1d18281a40825b108e2dcf0c27aa030c9238..b45f9368aff08f53b52c0f7444c398d14a89176e 100644 --- a/typo3/sysext/frontend/Classes/Controller/TranslationStatusController.php +++ b/typo3/sysext/frontend/Classes/Controller/TranslationStatusController.php 
@@ -163,8 +163,8 @@ class TranslationStatusController extends \TYPO3\CMS\Backend\Module\AbstractFunc ) . '">' . $this->iconFactory->getIcon('actions-document-open', Icon::SIZE_SMALL)->render() . '</a>'; $info .= str_replace('###LANG_UID###', '0', $viewPageLink); $info .= ' '; - $info .= GeneralUtility::hideIfDefaultLanguage($data['row']['l18n_cfg']) ? '<span title="' . $lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.l18n_cfg.I.1', true) . '">D</span>' : ' '; - $info .= GeneralUtility::hideIfNotTranslated($data['row']['l18n_cfg']) ? '<span title="' . $lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.l18n_cfg.I.2', true) . '">N</span>' : ' '; + $info .= GeneralUtility::hideIfDefaultLanguage($data['row']['l18n_cfg']) ? '<span title="' . htmlspecialchars($lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.l18n_cfg.I.1')) . '">D</span>' : ' '; + $info .= GeneralUtility::hideIfNotTranslated($data['row']['l18n_cfg']) ? '<span title="' . htmlspecialchars($lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.l18n_cfg.I.2')) . '">N</span>' : ' '; // Put into cell: $tCells[] = '<td class="' . $status . ' col-border-left btn-group">' . $info . '</td>'; $tCells[] = '<td class="' . $status . '" title="' . $lang->sL( diff --git a/typo3/sysext/lang/Classes/Controller/LanguageController.php b/typo3/sysext/lang/Classes/Controller/LanguageController.php index e5e3ee427c3c3511a211cd78a963031871cb3d6f..2c9006f8feee88d8f7088fb82b48108d50a42d21 100644 --- a/typo3/sysext/lang/Classes/Controller/LanguageController.php +++ b/typo3/sysext/lang/Classes/Controller/LanguageController.php 
@@ -278,7 +278,7 @@ class LanguageController extends ActionController /** @var Menu $menu */ $menu = GeneralUtility::makeInstance(Menu::class); $menu->setIdentifier('_languageMenu'); - $menu->setLabel($this->getLanguageService()->sL('LLL:EXT:lang/locallang_general.xlf:LGL.language', true)); + $menu->setLabel($this->getLanguageService()->sL('LLL:EXT:lang/locallang_general.xlf:LGL.language')); /** @var MenuItem $languageListMenuItem */ $languageListMenuItem = GeneralUtility::makeInstance(MenuItem::class); diff --git a/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php b/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php index 571d80cbd75f982efba533878c91a41fb5f6f581..0064461adcdd9990eae33b81dd8fc2c4b9161db7 100644 --- a/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php +++ b/typo3/sysext/recordlist/Classes/Controller/AbstractLinkBrowserController.php @@ -244,7 +244,7 @@ abstract class AbstractLinkBrowserController $this->linkHandlers[$identifier] = [ 'handlerInstance' => $handler, - 'label' => $lang->sL($configuration['label'], true), + 'label' => htmlspecialchars($lang->sL($configuration['label'])), 'displayBefore' => isset($configuration['displayBefore']) ? GeneralUtility::trimExplode(',', $configuration['displayBefore']) : [], 'displayAfter' => isset($configuration['displayAfter']) ? GeneralUtility::trimExplode(',', $configuration['displayAfter']) : [], 'scanBefore' => isset($configuration['scanBefore']) ? GeneralUtility::trimExplode(',', $configuration['scanBefore']) : [], diff --git a/typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php index 43f7aaeb65b5eccfcda0721e03c55e0ecd176cb6..011cd0a0caef174b7ccabca79482a6662917e26a 100644 --- a/typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php +++ b/typo3/sysext/recordlist/Classes/RecordList/AbstractDatabaseRecordList.php 
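Review bot: The label handed to `$menu->setLabel()` in LanguageController is now raw, because this is the one call site in the commit where the `true` argument is dropped without adding `htmlspecialchars()`. PageLayoutController makes the opposite choice for the same `LGL.language` label, `$languageMenu->setLabel(htmlspecialchars(...))`. Whether the doc header menu template encodes labels is not visible here, so one of the two callers is either under-encoded or double-encoded. Once the owning layer is confirmed, I would align both callers and record the decision next to the call, e.g. `// Label is passed raw; encoding happens when the menu is rendered`.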
@@ -567,7 +567,7 @@ class AbstractDatabaseRecordList extends AbstractRecordList foreach ($searchLevelItems as $kv => $label) { $opt[] = '<option value="' . $kv . '"' . ($kv === $this->searchLevels ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>'; } - $lMenu = '<select class="form-control" name="search_levels" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.search_levels', true) . '" id="search_levels">' . implode('', $opt) . '</select>'; + $lMenu = '<select class="form-control" name="search_levels" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.search_levels')) . '" id="search_levels">' . implode('', $opt) . '</select>'; // Table with the search box: $content = '<div class="db_list-searchbox-form db_list-searchbox-toolbar module-docheader-bar module-docheader-bar-search t3js-module-docheader-bar t3js-module-docheader-bar-search" id="db_list-searchbox-toolbar" style="display: ' . ($this->searchString == '' ? 'none' : 'block') . ';"> ' . $formElements[0] . ' 
@@ -576,19 +576,19 @@ class AbstractDatabaseRecordList extends AbstractRecordList <div class="panel-body"> <div class="form-inline form-inline-spaced"> <div class="form-group"> - <input class="form-control" type="search" placeholder="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.enterSearchString', true) . '" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.searchString', true) . '" name="search_field" id="search_field" value="' . htmlspecialchars($this->searchString) . '" /> + <input class="form-control" type="search" placeholder="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.enterSearchString')) . '" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.searchString')) . '" name="search_field" id="search_field" value="' . htmlspecialchars($this->searchString) . '" /> </div> <div class="form-group"> - <label for="search_levels">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.label.search_levels', true) . ': </label> + <label for="search_levels">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.label.search_levels')) . ': </label> ' . $lMenu . ' </div> <div class="form-group"> - <label for="showLimit">' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.label.limit', true) . ': </label> - <input class="form-control" type="number" min="0" max="10000" placeholder="10" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.limit', true) . '" name="showLimit" id="showLimit" value="' . htmlspecialchars(($this->showLimit ? $this->showLimit : '')) . '" /> + <label for="showLimit">' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.label.limit')) . ': </label> + <input class="form-control" type="number" min="0" max="10000" placeholder="10" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.limit')) . '" name="showLimit" id="showLimit" value="' . htmlspecialchars(($this->showLimit ? 
$this->showLimit : '')) . '" /> </div> <div class="form-group"> - <button type="submit" class="btn btn-default" name="search" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.search', true) . '"> - ' . $iconFactory->getIcon('actions-search', Icon::SIZE_SMALL)->render() . ' ' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.search', true) . ' + <button type="submit" class="btn btn-default" name="search" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.title.search')) . '"> + ' . $iconFactory->getIcon('actions-search', Icon::SIZE_SMALL)->render() . ' ' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.search')) . ' </button> </div> </div> @@ -847,7 +847,7 @@ class AbstractDatabaseRecordList extends AbstractRecordList $origCode = $code; // If the title is blank, make a "no title" label: if ((string)$code === '') { - $code = '<i>[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title', 1) . ']</i> - ' . htmlspecialchars(GeneralUtility::fixed_lgd_cs( + $code = '<i>[' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title')) . ']</i> - ' . htmlspecialchars(GeneralUtility::fixed_lgd_cs( BackendUtility::getRecordTitle($table, $row), $this->getBackendUserAuthentication()->uc['titleLen'] )); @@ -877,7 +877,7 @@ class AbstractDatabaseRecordList extends AbstractRecordList if ($table == 'pages' || $table == 'tt_content') { $code = '<a href="#" onclick="' . htmlspecialchars( BackendUtility::viewOnClick(($table == 'tt_content' ? $this->id . '#' . $row['uid'] : $row['uid'])) - ) . '" title="' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', true) . '">' . $code . '</a>'; + ) . '" title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage')) . '">' . $code . '</a>'; } break; case 'info': 
diff --git a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php index 0ae991f0234608e5e0e0887f463a6378fe537dd3..f331df4399a264f0bfde6f09c96b8109456f6501 100644 --- a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php +++ b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php @@ -259,7 +259,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if (!in_array($this->pageRow['doktype'], $noViewDokTypes)) { $onClick = htmlspecialchars(BackendUtility::viewOnClick($this->id, '', BackendUtility::BEgetRootLine($this->id))); $buttons['view'] = '<a href="#" onclick="' . $onClick . '" title="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', true) . '">' + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage')) . '">' . $this->iconFactory->getIcon('actions-document-view', Icon::SIZE_SMALL)->render() . '</a>'; } // New record on pages that are not locked by editlock @@ -298,7 +298,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList } // Cache $buttons['cache'] = '<a href="' . htmlspecialchars(($this->listURL() . '&clear_cache=1')) . '" title="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.clear_cache', true) . '">' + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.clear_cache')) . '">' . $this->iconFactory->getIcon('actions-system-cache-clear', Icon::SIZE_SMALL)->render() . '</a>'; if ($this->table && (!isset($module->modTSconfig['properties']['noExportRecordsLinks']) || (isset($module->modTSconfig['properties']['noExportRecordsLinks']) 
@@ -306,20 +306,20 @@ class DatabaseRecordList extends AbstractDatabaseRecordList ) { // CSV $buttons['csv'] = '<a href="' . htmlspecialchars(($this->listURL() . '&csv=1')) . '" title="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.csv', true) . '">' + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.csv')) . '">' . $this->iconFactory->getIcon('actions-document-export-csv', Icon::SIZE_SMALL)->render() . '</a>'; // Export if (ExtensionManagementUtility::isLoaded('impexp')) { $url = BackendUtility::getModuleUrl('xMOD_tximpexp', array('tx_impexp[action]' => 'export')); $buttons['export'] = '<a href="' . htmlspecialchars($url . '&tx_impexp[list][]=' . rawurlencode($this->table . ':' . $this->id)) . '" title="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:rm.export', true) . '">' + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:rm.export')) . '">' . $this->iconFactory->getIcon('actions-document-export-t3d', Icon::SIZE_SMALL)->render() . '</a>'; } } // Reload $buttons['reload'] = '<a href="' . htmlspecialchars($this->listURL()) . '" title="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.reload', true) . '">' + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.reload')) . '">' . $this->iconFactory->getIcon('actions-refresh', Icon::SIZE_SMALL)->render() . '</a>'; // Shortcut if ($backendUser->mayMakeShortcut()) { @@ -333,7 +333,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($this->returnUrl) { $href = htmlspecialchars(GeneralUtility::linkThisUrl($this->returnUrl, array('id' => $this->id))); $buttons['back'] = '<a href="' . $href . '" class="typo3-goBack" title="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack', true) . '">' + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack')) . '">' . $this->iconFactory->getIcon('actions-view-go-back', Icon::SIZE_SMALL)->render() . '</a>'; } } 
@@ -483,7 +483,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($this->returnUrl) { $href = htmlspecialchars(GeneralUtility::linkThisUrl($this->returnUrl, array('id' => $this->id))); $buttons['back'] = '<a href="' . $href . '" class="typo3-goBack" title="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack', true) . '">' + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack')) . '">' . $this->iconFactory->getIcon('actions-view-go-back', Icon::SIZE_SMALL) . '</a>'; } } @@ -601,8 +601,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $selectFields = array_unique($selectFields); $fieldListFields = $this->makeFieldList($table, 1); if (empty($fieldListFields) && $GLOBALS['TYPO3_CONF_VARS']['BE']['debug']) { - $message = sprintf($lang->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:missingTcaColumnsMessage', true), $table, $table); - $messageTitle = $lang->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:missingTcaColumnsMessageTitle', true); + $message = sprintf(htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:missingTcaColumnsMessage')), $table, $table); + $messageTitle = htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:missingTcaColumnsMessageTitle')); /** @var FlashMessage $flashMessage */ $flashMessage = GeneralUtility::makeInstance( FlashMessage::class, @@ -677,7 +677,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList } // If any records was selected, render the list: if ($dbCount) { - $tableTitle = $lang->sL($GLOBALS['TCA'][$table]['ctrl']['title'], true); + $tableTitle = htmlspecialchars($lang->sL($GLOBALS['TCA'][$table]['ctrl']['title'])); if ($tableTitle === '') { $tableTitle = $table; } 
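Review bot: In the `@@ -483,7` hunk the back button concatenates `$this->iconFactory->getIcon('actions-view-go-back', Icon::SIZE_SMALL)` without `->render()`, while the otherwise identical back button in the `@@ -333,7` hunk calls `->render()` explicitly. The line presumably works only through the Icon object's implicit string conversion. For consistency with the rest of the file I would write `. $this->iconFactory->getIcon('actions-view-go-back', Icon::SIZE_SMALL)->render() . '</a>';`. The enclosing method starts and ends outside the hunk.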
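Review bot: In the `@@ -601,8` hunk `htmlspecialchars()` is applied to the format string only, so the two `$table` values that `sprintf()` substitutes afterwards reach `$message` unencoded. That matches the old `sL(..., true)` behaviour, but a move to explicit escaping is a good moment to encode the finished string instead: `$message = htmlspecialchars(sprintf($lang->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:missingTcaColumnsMessage'), $table, $table));`. Whether the FlashMessage renderer encodes the text again is not visible here, so check for double encoding before changing it. The FlashMessage construction continues outside the hunk.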
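Review bot: In the `@@ -677,7` hunk the fallback `$tableTitle = $table;` assigns the raw table name to a variable that otherwise holds HTML-encoded text, so `$tableTitle` has two different escaping states depending on the branch. Other lines in this file treat `$table` as needing encoding (`htmlspecialchars($table)` in the `data-table` attribute of the `@@ -700,8` hunk), so the fallback should do the same: `$tableTitle = htmlspecialchars($table);`. Where `$tableTitle` is finally output lies outside the hunk, so confirm it is not encoded a second time there.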
@@ -700,8 +700,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if (!$this->table) { $href = htmlspecialchars(($this->listURL() . '&collapse[' . $table . ']=' . ($tableCollapsed ? '0' : '1'))); $title = $tableCollapsed - ? $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.expandTable', true) - : $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.collapseTable', true); + ? htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.expandTable')) + : htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.collapseTable')); $icon = '<span class="collapseIcon">' . $this->iconFactory->getIcon(($tableCollapsed ? 'actions-view-list-expand' : 'actions-view-list-collapse'), Icon::SIZE_SMALL)->render() . '</span>'; $collapseIcon = '<a href="' . $href . '" title="' . $title . '" class="pull-right t3js-toggle-recordlist" data-table="' . htmlspecialchars($table) . '" data-toggle="collapse" data-target="#recordlist-' . htmlspecialchars($table) . '">' . $icon . '</a>'; } @@ -1052,15 +1052,15 @@ class DatabaseRecordList extends AbstractDatabaseRecordList switch ((string)$fCol) { case '_PATH_': // Path - $theData[$fCol] = '<i>[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels._PATH_', true) . ']</i>'; + $theData[$fCol] = '<i>[' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels._PATH_')) . ']</i>'; break; case '_REF_': // References - $theData[$fCol] = '<i>[' . $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:c__REF_', true) . ']</i>'; + $theData[$fCol] = '<i>[' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:c__REF_')) . ']</i>'; break; case '_LOCALIZATION_': // Path - $theData[$fCol] = '<i>[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels._LOCALIZATION_', true) . ']</i>'; + $theData[$fCol] = '<i>[' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels._LOCALIZATION_')) . ']</i>'; break; case '_LOCALIZATION_b': // Path 
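Review bot: In the `@@ -1052,15` hunk the comment after `case '_LOCALIZATION_':` (and after `case '_LOCALIZATION_b':`) still reads `// Path`, apparently copied from the `_PATH_` case above it. Since these lines are being touched anyway, the comments could be corrected to `// Localization` so the switch documents what each pseudo-column is. The switch statement begins and ends outside the hunk.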
@@ -1202,7 +1202,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList // at the end $sortLabel = BackendUtility::getItemLabel($table, $fCol); if ($sortLabel !== null) { - $sortLabel = $lang->sL($sortLabel, true); + $sortLabel = htmlspecialchars($lang->sL($sortLabel)); $sortLabel = rtrim(trim($sortLabel), ':'); } else { // No TCA field, only output the $fCol variable with square brackets [] @@ -1294,8 +1294,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $currentPage = floor($this->firstElementNumber / $this->iLimit) + 1; // Compile first, previous, next, last and refresh buttons if ($currentPage > 1) { - $labelFirst = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:first', true); - $labelPrevious = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:previous', true); + $labelFirst = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:first')); + $labelPrevious = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:previous')); $first = '<li><a href="' . $listURL . '&pointer=' . $this->getPointerForPage(1) . '" title="' . $labelFirst . '">' . $this->iconFactory->getIcon('actions-view-paging-first', Icon::SIZE_SMALL)->render() . '</a></li>'; $previous = '<li><a href="' . $listURL . '&pointer=' . $this->getPointerForPage($currentPage - 1) . '" title="' . $labelPrevious . '">' 
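Review bot: In the `@@ -1294,8` hunk the labels are now encoded, but `$listURL` is still concatenated into `href="..."` without `htmlspecialchars()`, and the same pattern recurs for `$next` and `$last` in the `@@ -1305,8` hunk. Elsewhere in this file the list URL is encoded before it enters an attribute (`htmlspecialchars($this->listURL())` in the `@@ -306,20` hunk). `$listURL` is assigned outside the hunk, so if it is not already encoded there, request-derived parameters and the literal `&pointer=` end up unencoded in the attribute. A consistent form would be `'<li><a href="' . htmlspecialchars($listURL . '&pointer=' . $this->getPointerForPage(1)) . '" title="' . $labelFirst . '">'`.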
@@ -1305,8 +1305,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $previous = '<li class="disabled"><span>' . $this->iconFactory->getIcon('actions-view-paging-previous', Icon::SIZE_SMALL)->render() . '</span></li>'; } if ($currentPage < $totalPages) { - $labelNext = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:next', true); - $labelLast = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:last', true); + $labelNext = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:next')); + $labelLast = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:last')); $next = '<li><a href="' . $listURL . '&pointer=' . $this->getPointerForPage($currentPage + 1) . '" title="' . $labelNext . '">' . $this->iconFactory->getIcon('actions-view-paging-next', Icon::SIZE_SMALL)->render() . '</a></li>'; $last = '<li><a href="' . $listURL . '&pointer=' . $this->getPointerForPage($totalPages) . '" title="' . $labelLast . '">' @@ -1318,7 +1318,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $reload = '<li><a href="#" onclick="document.dblistForm.action=' . GeneralUtility::quoteJSvalue($listURL . '&pointer=') . '+calculatePointer(document.getElementById(' . GeneralUtility::quoteJSvalue('jumpPage-' . $renderPart) . ').value); document.dblistForm.submit(); return true;" title="' - . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:reload', true) . '">' + . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:reload')) . '">' . $this->iconFactory->getIcon('actions-refresh', Icon::SIZE_SMALL)->render() . '</a></li>'; if ($renderPart === 'top') { // Add js to traverse a page select input to a pointer value 
@@ -1421,7 +1421,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList '', ($table === 'tt_content' ? '#' . $row['uid'] : '') ) - ) . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', true) . '">' + ) . '" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage')) . '">' . $this->iconFactory->getIcon('actions-view', Icon::SIZE_SMALL)->render() . '</a>'; $this->addActionToCellGroup($cells, $viewAction, 'view'); } @@ -1721,7 +1721,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $cells['copy'] = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 1, ($isSel === 'copy'), array('returnUrl' => ''))) . ');') - . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.copy', true) . '">' + . '" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.copy')) . '">' . $copyIcon->render() . '</a>'; // Check permission to cut page or content @@ -1738,7 +1738,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($permsEdit) { $cells['cut'] = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 0, ($isSel === 'cut'), array('returnUrl' => ''))) . ');') - . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut', true) . '">' + . '" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut')) . '">' . $cutIcon->render() . '</a>'; } else { $cells['cut'] = $this->spaceIcon; 
@@ -1747,7 +1747,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($table !== 'pages' && $this->calcPerms & Permission::CONTENT_EDIT) { $cells['cut'] = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 0, ($isSel === 'cut'), array('returnUrl' => ''))) . ');') - . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut', true) . '">' + . '" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut')) . '">' . $cutIcon->render() . '</a>'; } else { $cells['cut'] = $this->spaceIcon; @@ -1961,7 +1961,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList </table> </div> <input type="submit" name="search" class="btn btn-default" value="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.setFields', true) . '"/> + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.setFields')) . '"/> ' . $formElements[1]; return '<div class="fieldSelectBox">' . $content . '</div>'; } diff --git a/typo3/sysext/rtehtmlarea/Classes/Controller/UserElementsController.php b/typo3/sysext/rtehtmlarea/Classes/Controller/UserElementsController.php index bfbab25cb8bb76ba728f361da8a76fa0760e91aa..27388803cdc2ddb574ebec94092191a4403d2cad 100644 --- a/typo3/sysext/rtehtmlarea/Classes/Controller/UserElementsController.php +++ b/typo3/sysext/rtehtmlarea/Classes/Controller/UserElementsController.php 
@@ -222,9 +222,9 @@ class UserElementsController if (!$title) { $title = '[' . htmlspecialchars($GLOBALS['LANG']->getLL('noTitle')) . ']'; } else { - $title = $GLOBALS['LANG']->sL($title, true); + $title = htmlspecialchars($GLOBALS['LANG']->sL($title)); } - $description = $GLOBALS['LANG']->sL($v[$k2i . '.']['description'], true) . '<br />'; + $description = htmlspecialchars($GLOBALS['LANG']->sL($v[$k2i . '.']['description'])) . '<br />'; if (!$v[$k2i . '.']['dontInsertSiteUrl']) { $v[$k2i . '.']['content'] = str_replace('###_URL###', $this->siteUrl, $v[$k2i . '.']['content']); } @@ -271,7 +271,7 @@ class UserElementsController if (!$title) { $title = '[' . htmlspecialchars($GLOBALS['LANG']->getLL('noTitle')) . ']'; } else { - $title = $GLOBALS['LANG']->sL($title, true); + $title = htmlspecialchars($GLOBALS['LANG']->sL($title)); } $uriBuilder = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Routing\UriBuilder::class); diff --git a/typo3/sysext/wizard_crpages/Classes/Controller/CreatePagesWizardModuleFunctionController.php b/typo3/sysext/wizard_crpages/Classes/Controller/CreatePagesWizardModuleFunctionController.php index 561c7e530f8f645ab8e8d0e59e5ccf939ba986be..a55cffefa165cdaad99ea5b5ac8b8db499ef08cd 100644 --- a/typo3/sysext/wizard_crpages/Classes/Controller/CreatePagesWizardModuleFunctionController.php +++ b/typo3/sysext/wizard_crpages/Classes/Controller/CreatePagesWizardModuleFunctionController.php 
@@ -275,12 +275,12 @@ class CreatePagesWizardModuleFunctionController extends \TYPO3\CMS\Backend\Modul foreach ($groupedData as $groupLabel => $items) { $groupContent = ''; foreach ($items as $item) { - $label = $this->getLanguageService()->sL($item[0], true); + $label = htmlspecialchars($this->getLanguageService()->sL($item[0])); $value = $item[1]; $icon = !empty($item[2]) ? FormEngineUtility::getIconHtml($item[2], $label, $label) : ''; $groupContent .= '<option value="' . htmlspecialchars($value) . '" data-icon="' . htmlspecialchars($icon) . '">' . $label . '</option>'; } - $groupLabel = $this->getLanguageService()->sL($groupLabel, true); + $groupLabel = htmlspecialchars($this->getLanguageService()->sL($groupLabel)); $content .= '<optgroup label="' . $groupLabel . '">' . $groupContent . '</optgroup>'; }
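Review bot: `$label` now holds HTML-encoded text, yet it is reused both as the `<option>` content and as the alt/title arguments of `FormEngineUtility::getIconHtml($item[2], $label, $label)`, whose result is then encoded once more for `data-icon`. Whether that helper expects raw or pre-encoded text is not visible in this hunk; if it encodes its arguments itself, a label containing `&` or quotes will appear double-encoded in the icon markup. In that case keep the raw `sL()` result in its own variable for the helper and encode only at the `<option>` output. Either way a short comment such as `// $label is HTML-encoded from here on` would make the escaping state explicit.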