diff --git a/typo3/sysext/backend/Classes/Clipboard/Clipboard.php b/typo3/sysext/backend/Classes/Clipboard/Clipboard.php index 2482526b7e038eff687d9ce00c5947d8ae589def..30848c57597a5cdfa4197e39ac7607e17868952f 100644 --- a/typo3/sysext/backend/Classes/Clipboard/Clipboard.php +++ b/typo3/sysext/backend/Classes/Clipboard/Clipboard.php @@ -316,8 +316,8 @@ class Clipboard . htmlspecialchars($title) . '</a></li>'; // Clear clipboard - $optionArray[] = '<li><a href="' . htmlspecialchars($removeAllUrl) . '#clip_head">' . $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.clipboard.clear_clipboard', true) . '</a></li>'; - $deleteLink = '<a class="btn btn-danger" href="' . htmlspecialchars($removeAllUrl) . '#clip_head" title="' . $languageService->sL('LLL:EXT:lang/locallang_core.xlf:buttons.clear', true) . '">' . $this->iconFactory->getIcon('actions-document-close', Icon::SIZE_SMALL)->render(SvgIconProvider::MARKUP_IDENTIFIER_INLINE) . '</a>'; + $optionArray[] = '<li><a href="' . htmlspecialchars($removeAllUrl) . '#clip_head">' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.clipboard.clear_clipboard')) . '</a></li>'; + $deleteLink = '<a class="btn btn-danger" href="' . htmlspecialchars($removeAllUrl) . '#clip_head" title="' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:buttons.clear')) . '">' . $this->iconFactory->getIcon('actions-document-close', Icon::SIZE_SMALL)->render(SvgIconProvider::MARKUP_IDENTIFIER_INLINE) . '</a>'; // menuSelector $menuSelector = ' diff --git a/typo3/sysext/backend/Classes/Form/Container/FlexFormContainerContainer.php b/typo3/sysext/backend/Classes/Form/Container/FlexFormContainerContainer.php index 7f60714d5cbe91a2863f01c25494fe958751abbc..25d0cd902f44f6602e00a585944e031475ba8a09 100644 --- a/typo3/sysext/backend/Classes/Form/Container/FlexFormContainerContainer.php +++ b/typo3/sysext/backend/Classes/Form/Container/FlexFormContainerContainer.php 
@@ -68,8 +68,8 @@ class FlexFormContainerContainer extends AbstractContainer $moveAndDeleteContent = array(); $userHasAccessToDefaultLanguage = $this->getBackendUserAuthentication()->checkLanguageAccess(0); if ($userHasAccessToDefaultLanguage) { - $moveAndDeleteContent[] = '<span class="btn btn-default t3js-sortable-handle"><span title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:sortable.dragmove', true) . '">' . $iconFactory->getIcon('actions-move-move', Icon::SIZE_SMALL)->render() . '</span></span>'; - $moveAndDeleteContent[] = '<span class="btn btn-default t3js-delete"><span title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:delete', true) . '">' . $iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render() . '</span></span>'; + $moveAndDeleteContent[] = '<span class="btn btn-default t3js-sortable-handle"><span title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:sortable.dragmove')) . '">' . $iconFactory->getIcon('actions-move-move', Icon::SIZE_SMALL)->render() . '</span></span>'; + $moveAndDeleteContent[] = '<span class="btn btn-default t3js-delete"><span title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:delete')) . '">' . $iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render() . '</span></span>'; } $options = $this->data; diff --git a/typo3/sysext/backend/Classes/Form/Container/FlexFormSectionContainer.php b/typo3/sysext/backend/Classes/Form/Container/FlexFormSectionContainer.php index 52bf3944ffc8399ec24e8c36c2d6a5f8605955c6..1282a05cdd693c98e04c06d6cffbad98f6eb112f 100644 --- a/typo3/sysext/backend/Classes/Form/Container/FlexFormSectionContainer.php +++ b/typo3/sysext/backend/Classes/Form/Container/FlexFormSectionContainer.php 
@@ -166,7 +166,7 @@ class FlexFormSectionContainer extends AbstractContainer } // Wrap child stuff - $toggleAll = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.toggleall', true); + $toggleAll = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.toggleall')); $html = array(); $html[] = '<div class="panel panel-tab">'; $html[] = '<div class="panel-body">'; diff --git a/typo3/sysext/backend/Classes/Form/Container/InlineControlContainer.php b/typo3/sysext/backend/Classes/Form/Container/InlineControlContainer.php index cb01264ba1321c45eb4f5625e30f44cf652db15b..e47cb77428a60e389fba5b6d8d70a8c11a3642b1 100644 --- a/typo3/sysext/backend/Classes/Form/Container/InlineControlContainer.php +++ b/typo3/sysext/backend/Classes/Form/Container/InlineControlContainer.php @@ -351,7 +351,7 @@ class InlineControlContainer extends AbstractContainer $attributes = array(); switch ($type) { case 'newRecord': - $title = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.createnew', true); + $title = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.createnew')); $icon = 'actions-document-new'; $className = 'typo3-newRecordLink'; $attributes['class'] = 'btn btn-default inlineNewButton ' . $this->inlineData['config'][$nameObject]['md5']; 
@@ -360,23 +360,23 @@ class InlineControlContainer extends AbstractContainer $attributes['style'] = $conf['inline']['inlineNewButtonStyle']; } if (!empty($conf['appearance']['newRecordLinkAddTitle'])) { - $title = sprintf( - $languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.createnew.link', true), - $languageService->sL($GLOBALS['TCA'][$conf['foreign_table']]['ctrl']['title'], true) - ); + $title = htmlspecialchars(sprintf( + $languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.createnew.link'), + $languageService->sL($GLOBALS['TCA'][$conf['foreign_table']]['ctrl']['title']) + )); } elseif (isset($conf['appearance']['newRecordLinkTitle']) && $conf['appearance']['newRecordLinkTitle'] !== '') { - $title = $languageService->sL($conf['appearance']['newRecordLinkTitle'], true); + $title = htmlspecialchars($languageService->sL($conf['appearance']['newRecordLinkTitle'])); } break; case 'localize': - $title = $languageService->sL('LLL:EXT:lang/locallang_misc.xlf:localizeAllRecords', true); + $title = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_misc.xlf:localizeAllRecords')); $icon = 'actions-document-localize'; $className = 'typo3-localizationLink'; $attributes['class'] = 'btn btn-default'; $attributes['onclick'] = 'return inline.synchronizeLocalizeRecords(' . GeneralUtility::quoteJSvalue($objectPrefix) . ', \'localize\')'; break; case 'synchronize': - $title = $languageService->sL('LLL:EXT:lang/locallang_misc.xlf:synchronizeWithOriginalLanguage', true); + $title = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_misc.xlf:synchronizeWithOriginalLanguage')); $icon = 'actions-document-synchronize'; $className = 'typo3-synchronizationLink'; $attributes['class'] = 'btn btn-default inlineNewButton ' . $this->inlineData['config'][$nameObject]['md5']; 
@@ -433,9 +433,9 @@ class InlineControlContainer extends AbstractContainer $mode = 'db'; $showUpload = false; if (!empty($inlineConfiguration['appearance']['createNewRelationLinkTitle'])) { - $createNewRelationText = $languageService->sL($inlineConfiguration['appearance']['createNewRelationLinkTitle'], true); + $createNewRelationText = htmlspecialchars($languageService->sL($inlineConfiguration['appearance']['createNewRelationLinkTitle'])); } else { - $createNewRelationText = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.createNewRelation', true); + $createNewRelationText = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.createNewRelation')); } if (is_array($groupFieldConfiguration['appearance'])) { if (isset($groupFieldConfiguration['appearance']['elementBrowserType'])) { @@ -492,7 +492,7 @@ class InlineControlContainer extends AbstractContainer data-max-file-size="' . htmlspecialchars($maxFileSize) . '" >'; $item .= $this->iconFactory->getIcon('actions-upload', Icon::SIZE_SMALL)->render() . ' '; - $item .= $languageService->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.select-and-submit', true); + $item .= htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.select-and-submit')); $item .= '</a>'; $this->requireJsModules[] = ['TYPO3/CMS/Backend/DragUploader' => 'function(dragUploader){dragUploader.initialize()}']; 
@@ -502,9 +502,9 @@ class InlineControlContainer extends AbstractContainer $buttonStyle = ' style="' . $inlineConfiguration['inline']['inlineOnlineMediaAddButtonStyle'] . '"'; } $this->requireJsModules[] = 'TYPO3/CMS/Backend/OnlineMedia'; - $buttonText = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.button', true); - $placeholder = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.placeholder', true); - $buttonSubmit = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.submit', true); + $buttonText = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.button')); + $placeholder = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.placeholder')); + $buttonSubmit = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.submit')); $item .= ' <span class="btn btn-default t3js-online-media-add-btn ' . $this->inlineData['config'][$nameObject]['md5'] . '" ' . $buttonStyle . ' @@ -523,7 +523,7 @@ class InlineControlContainer extends AbstractContainer $item = '<div class="form-control-wrap">' . $item . '</div>'; $allowedList = ''; - $allowedLabel = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions', true); + $allowedLabel = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions')); foreach ($allowedArray as $allowedItem) { $allowedList .= '<span class="label label-success">' . strtoupper($allowedItem) . '</span> '; } 
@@ -569,9 +569,9 @@ class InlineControlContainer extends AbstractContainer // there is only one record item in the select-box, that is selected by default // The selector-box creates a new relation on using an onChange event (see some line above) if (!empty($config['appearance']['createNewRelationLinkTitle'])) { - $createNewRelationText = $this->getLanguageService()->sL($config['appearance']['createNewRelationLinkTitle'], true); + $createNewRelationText = htmlspecialchars($this->getLanguageService()->sL($config['appearance']['createNewRelationLinkTitle'])); } else { - $createNewRelationText = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.createNewRelation', true); + $createNewRelationText = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.createNewRelation')); } $item .= ' <span class="input-group-btn"> diff --git a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php index 974f0b6d3eb95834c25b90e56c94b1e5087b80df..113a2f88fc43320d8a131c1745267e2bba12706a 100644 --- a/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php +++ b/typo3/sysext/backend/Classes/Form/Container/InlineRecordContainer.php @@ -305,7 +305,7 @@ class InlineRecordContainer extends AbstractContainer $recordTitle = $data['recordTitle']; if (empty($recordTitle)) { - $recordTitle = '<em>[' . $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title', true) . ']</em>'; + $recordTitle = '<em>[' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title')) . ']</em>'; } $altText = BackendUtility::getRecordIconAltText($rec, $foreignTable); 
@@ -409,7 +409,7 @@ class InlineRecordContainer extends AbstractContainer $hookObj->renderForeignRecordHeaderControl_preProcess($data['inlineParentUid'], $foreignTable, $rec, $inlineConfig, $data['isInlineDefaultLanguageRecordInLocalizedParentContext'], $enabledControls); } if ($data['isInlineDefaultLanguageRecordInLocalizedParentContext']) { - $cells['localize.isLocalizable'] = '<span title="' . $languageService->sL('LLL:EXT:lang/locallang_misc.xlf:localize.isLocalizable', true) . '">' + $cells['localize.isLocalizable'] = '<span title="' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_misc.xlf:localize.isLocalizable')) . '">' . $this->iconFactory->getIcon('actions-edit-localize-status-low', Icon::SIZE_SMALL)->render() . '</span>'; } @@ -423,7 +423,7 @@ class InlineRecordContainer extends AbstractContainer $table = $foreignTable; } $cells['info'] = ' - <a class="btn btn-default" href="#" onclick="' . htmlspecialchars(('top.launchView(' . GeneralUtility::quoteJSvalue($table) . ', ' . GeneralUtility::quoteJSvalue($uid) . '); return false;')) . '" title="' . $languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:showInfo', true) . '"> + <a class="btn btn-default" href="#" onclick="' . htmlspecialchars(('top.launchView(' . GeneralUtility::quoteJSvalue($table) . ', ' . GeneralUtility::quoteJSvalue($uid) . '); return false;')) . '" title="' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:showInfo')) . '"> ' . $this->iconFactory->getIcon('actions-document-info', Icon::SIZE_SMALL)->render() . ' </a>'; } 
@@ -438,7 +438,7 @@ class InlineRecordContainer extends AbstractContainer $style = ' style="' . $inlineConfig['inline']['inlineNewButtonStyle'] . '"'; } $cells['new'] = ' - <a class="btn btn-default inlineNewButton ' . $this->inlineData['config'][$nameObject]['md5'] . '" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $languageService->sL(('LLL:EXT:lang/locallang_mod_web_list.xlf:new' . ($isPagesTable ? 'Page' : 'Record')), true) . '" ' . $style . '> + <a class="btn btn-default inlineNewButton ' . $this->inlineData['config'][$nameObject]['md5'] . '" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . htmlspecialchars($languageService->sL(('LLL:EXT:lang/locallang_mod_web_list.xlf:new' . ($isPagesTable ? 'Page' : 'Record')))) . '" ' . $style . '> ' . $this->iconFactory->getIcon('actions-' . ($isPagesTable ? 'page' : 'document') . '-new', Icon::SIZE_SMALL)->render() . ' </a>'; } 
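Review bot: The `style` attribute assembled just above the changed line, `$style = ' style="' . $inlineConfig['inline']['inlineNewButtonStyle'] . '"';`, is still concatenated into the `<a>` tag without attribute escaping, while the `title` beside it is now wrapped in `htmlspecialchars()`. As far as this hunk shows the value comes from inline/TCA configuration rather than request data, but a double quote in it would close the attribute. I would write `$style = ' style="' . htmlspecialchars($inlineConfig['inline']['inlineNewButtonStyle']) . '"';`. The same pattern appears in InlineControlContainer's `@@ -502,9` hunk, where `$buttonStyle` is built from `inlineOnlineMediaAddButtonStyle`. The enclosing method starts and ends outside the hunk.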
@@ -449,14 +449,14 @@ class InlineRecordContainer extends AbstractContainer $onClick = 'return inline.changeSorting(' . GeneralUtility::quoteJSvalue($nameObjectFtId) . ', \'1\')'; $style = $inlineConfig['inline']['first'] == $rec['uid'] ? 'style="visibility: hidden;"' : ''; $cells['sort.up'] = ' - <a class="btn btn-default sortingUp" href="#" onclick="' . htmlspecialchars($onClick) . '" ' . $style . ' title="' . $languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:moveUp', true) . '"> + <a class="btn btn-default sortingUp" href="#" onclick="' . htmlspecialchars($onClick) . '" ' . $style . ' title="' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:moveUp')) . '"> ' . $this->iconFactory->getIcon('actions-move-up', Icon::SIZE_SMALL)->render() . ' </a>'; // Down $onClick = 'return inline.changeSorting(' . GeneralUtility::quoteJSvalue($nameObjectFtId) . ', \'-1\')'; $style = $inlineConfig['inline']['last'] == $rec['uid'] ? 'style="visibility: hidden;"' : ''; $cells['sort.down'] = ' - <a class="btn btn-default sortingDown" href="#" onclick="' . htmlspecialchars($onClick) . '" ' . $style . ' title="' . $languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:moveDown', true) . '"> + <a class="btn btn-default sortingDown" href="#" onclick="' . htmlspecialchars($onClick) . '" ' . $style . ' title="' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:moveDown')) . '"> ' . $this->iconFactory->getIcon('actions-move-down', Icon::SIZE_SMALL)->render() . ' </a>'; } 
@@ -493,7 +493,7 @@ class InlineRecordContainer extends AbstractContainer || !$isPagesTable && $calcPerms & Permission::CONTENT_EDIT || $isSysFileReferenceTable && $calcPerms & Permission::PAGE_EDIT) ) { - $title = $languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:delete', true); + $title = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:delete')); $icon = $this->iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render(); $cells['delete'] = '<a href="#" class="btn btn-default t3js-editform-delete-inline-record" data-objectid="' . htmlspecialchars($nameObjectFtId) . '" title="' . $title . '">' . $icon . '</a>'; } @@ -505,14 +505,14 @@ class InlineRecordContainer extends AbstractContainer GeneralUtility::quoteJSvalue($hiddenField) .')'; $className = 't3js-' . $nameObjectFtId . '_disabled'; if ($rec[$hiddenField]) { - $title = $languageService->sL(('LLL:EXT:lang/locallang_mod_web_list.xlf:unHide' . ($isPagesTable ? 'Page' : '')), true); + $title = htmlspecialchars($languageService->sL(('LLL:EXT:lang/locallang_mod_web_list.xlf:unHide' . ($isPagesTable ? 'Page' : '')))); $cells['hide.unhide'] = ' <a class="btn btn-default hiddenHandle ' . $className . '" href="#" onclick="' . htmlspecialchars($onClick) . '"' . 'title="' . $title . '">' . $this->iconFactory->getIcon('actions-edit-unhide', Icon::SIZE_SMALL)->render() . ' </a>'; } else { - $title = $languageService->sL(('LLL:EXT:lang/locallang_mod_web_list.xlf:hide' . ($isPagesTable ? 'Page' : '')), true); + $title = htmlspecialchars($languageService->sL(('LLL:EXT:lang/locallang_mod_web_list.xlf:hide' . ($isPagesTable ? 'Page' : '')))); $cells['hide.hide'] = ' <a class="btn btn-default hiddenHandle ' . $className . '" href="#" onclick="' . htmlspecialchars($onClick) . '"' . 'title="' . $title . '">' . 
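Review bot: In the second hunk (`@@ -505,14`) both hide/unhide links emit `onclick="…"title="…"` with no whitespace between the attributes, because the context lines concatenate `'"' . 'title="' . $title . '">'`. Browsers recover from this, but it is a parse error, and strict consumers of the markup may not be as forgiving. Since `$title` is touched here anyway I would change the literal to `'" title="' . $title . '">'` in both branches. The method body continues outside the hunk.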
@@ -523,7 +523,7 @@ class InlineRecordContainer extends AbstractContainer // Drag&Drop Sorting: Sortable handler for script.aculo.us if ($enabledControls['dragdrop'] && $permsEdit && $enableManualSorting && $inlineConfig['appearance']['useSortable']) { $additionalCells['dragdrop'] = ' - <span class="btn btn-default sortableHandle" data-id="' . htmlspecialchars($rec['uid']) . '" title="' . $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.move', true) . '"> + <span class="btn btn-default sortableHandle" data-id="' . htmlspecialchars($rec['uid']) . '" title="' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.move')) . '"> ' . $this->iconFactory->getIcon('actions-move-move', Icon::SIZE_SMALL)->render() . ' </span>'; } @@ -531,7 +531,7 @@ class InlineRecordContainer extends AbstractContainer if ($enabledControls['localize'] && $data['isInlineDefaultLanguageRecordInLocalizedParentContext']) { $onClick = 'inline.synchronizeLocalizeRecords(' . GeneralUtility::quoteJSvalue($nameObjectFt) . ', ' . GeneralUtility::quoteJSvalue($rec['uid']) . ');'; $cells['localize'] = ' - <a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $languageService->sL('LLL:EXT:lang/locallang_misc.xlf:localize', true) . '"> + <a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_misc.xlf:localize')) . '"> ' . $this->iconFactory->getIcon('actions-document-localize', Icon::SIZE_SMALL)->render() . ' </a>'; } diff --git a/typo3/sysext/backend/Classes/Form/Container/OuterWrapContainer.php b/typo3/sysext/backend/Classes/Form/Container/OuterWrapContainer.php index fb8efd765c9d4f79240cc505971e87988c0fd6e3..f8e2aa102c6f80d6cd573db02f1358ee2b3292a3 100644 --- a/typo3/sysext/backend/Classes/Form/Container/OuterWrapContainer.php +++ b/typo3/sysext/backend/Classes/Form/Container/OuterWrapContainer.php 
@@ -69,18 +69,18 @@ class OuterWrapContainer extends AbstractContainer $tableTitle = $languageService->sL($this->data['processedTca']['ctrl']['title']); if ($this->data['command'] === 'new') { - $newOrUid = ' <span class="typo3-TCEforms-newToken">' . $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.new', true) . '</span>'; + $newOrUid = ' <span class="typo3-TCEforms-newToken">' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.new')) . '</span>'; // @todo: There is quite some stuff do to for WS overlays ... $workspacedPageRecord = BackendUtility::getRecordWSOL('pages', $this->data['effectivePid'], 'title'); $pageTitle = BackendUtility::getRecordTitle('pages', $workspacedPageRecord, true, false); if ($table === 'pages') { - $label = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.createNewPage', true); + $label = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.createNewPage')); $pageTitle = sprintf($label, $tableTitle); } else { - $label = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.createNewRecord', true); + $label = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.createNewRecord')); if ($this->data['effectivePid'] === 0) { - $label = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.createNewRecordRootLevel', true); + $label = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.createNewRecordRootLevel')); } $pageTitle = sprintf($label, $tableTitle, $pageTitle); } 
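Review bot: Only the format string is escaped before `sprintf()` here, so `$tableTitle` is substituted into `$pageTitle` raw. It is assigned at the top of the hunk from `$languageService->sL($this->data['processedTca']['ctrl']['title'])` with no encoding. InlineControlContainer in this same commit wraps the whole `sprintf()` result in `htmlspecialchars()`, but that would double-encode here, because `$pageTitle` from `getRecordTitle(..., true, false)` appears to be pre-escaped. The narrower fix is `$pageTitle = sprintf($label, htmlspecialchars($tableTitle), $pageTitle);` for both calls, and likewise for `sprintf($label, $tableTitle, $recordLabel)` in the next hunk (`@@ -91,17`). Whether `$pageTitle` is encoded again where it is rendered is outside the hunk, so check the sink before changing it.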
@@ -91,17 +91,17 @@ class OuterWrapContainer extends AbstractContainer // @todo: getRecordTitlePrep applies an htmlspecialchars here $recordLabel = BackendUtility::getRecordTitlePrep($this->data['recordTitle']); if ($table === 'pages') { - $label = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.editPage', true); + $label = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.editPage')); $pageTitle = sprintf($label, $tableTitle, $recordLabel); } else { - $label = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.editRecord', true); + $label = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.editRecord')); $workspacedPageRecord = BackendUtility::getRecordWSOL('pages', $row['pid'], 'uid,title'); $pageTitle = BackendUtility::getRecordTitle('pages', $workspacedPageRecord, true, false); if (empty($recordLabel)) { - $label = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.editRecordNoTitle', true); + $label = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.editRecordNoTitle')); } if ($this->data['effectivePid'] === 0) { - $label = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.editRecordRootLevel', true); + $label = htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.editRecordRootLevel')); } if (!empty($recordLabel)) { // Use record title and prepend an edit label. diff --git a/typo3/sysext/backend/Classes/Form/Container/SingleFieldContainer.php b/typo3/sysext/backend/Classes/Form/Container/SingleFieldContainer.php index b83e3d1b769bd2908ed38e08cf791145aad2c55c..c65f8622f5ee8619d2a41bd7327db969035f17b8 100644 --- a/typo3/sysext/backend/Classes/Form/Container/SingleFieldContainer.php +++ b/typo3/sysext/backend/Classes/Form/Container/SingleFieldContainer.php 
@@ -341,7 +341,7 @@ class SingleFieldContainer extends AbstractContainer /** @var IconFactory $iconFactory */ $iconFactory = GeneralUtility::makeInstance(IconFactory::class); if ($defaultLanguageValue !== '') { - $item .= '<div class="t3-form-original-language" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_misc.xlf:localizeMergeIfNotBlank', true) . '">' + $item .= '<div class="t3-form-original-language" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_misc.xlf:localizeMergeIfNotBlank')) . '">' . $iconFactory->getIcon($this->data['systemLanguageRows'][0]['flagIconIdentifier'], Icon::SIZE_SMALL)->render() . $this->getMergeBehaviourIcon($fieldConfig['l10n_mode']) . $this->previewFieldValue($defaultLanguageValue, $fieldConfig, $field) . '</div>'; @@ -356,7 +356,7 @@ class SingleFieldContainer extends AbstractContainer true ); if ($defaultLanguageValue !== '') { - $item .= '<div class="t3-form-original-language" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_misc.xlf:localizeMergeIfNotBlank', true) . '">' + $item .= '<div class="t3-form-original-language" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_misc.xlf:localizeMergeIfNotBlank')) . '">' . $iconFactory->getIcon($this->data['systemLanguageRows'][$previewLanguage['sys_language_uid']]['flagIconIdentifier'], Icon::SIZE_SMALL)->render() . $this->getMergeBehaviourIcon($fieldConfig['l10n_mode']) . $this->previewFieldValue($defaultLanguageValue, $fieldConfig, $field) . '</div>'; diff --git a/typo3/sysext/backend/Classes/Form/Element/ImageManipulationElement.php b/typo3/sysext/backend/Classes/Form/Element/ImageManipulationElement.php index e0855b8d7244c3bfcbf5a5731858c804eae78553..065ce62c6bd8cf920d6eb2935a954dcad7ec8193 100644 --- a/typo3/sysext/backend/Classes/Form/Element/ImageManipulationElement.php +++ b/typo3/sysext/backend/Classes/Form/Element/ImageManipulationElement.php 
@@ -95,7 +95,7 @@ class ImageManipulationElement extends AbstractFormElement // Check if ratio labels hold translation strings foreach ((array)$config['ratios'] as $ratio => $label) { - $config['ratios'][$ratio] = $languageService->sL($label, true); + $config['ratios'][$ratio] = htmlspecialchars($languageService->sL($label)); } $formFieldId = StringUtility::getUniqueId('formengine-image-manipulation-'); @@ -122,7 +122,7 @@ class ImageManipulationElement extends AbstractFormElement $button .= ' ' . $key . '="' . htmlspecialchars($value) . '"'; } $button .= '><span class="t3-icon fa fa-crop"></span>'; - $button .= $languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.open-editor', true); + $button .= htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.open-editor')); $button .= '</button>'; $inputField = '<input type="hidden" ' @@ -139,7 +139,7 @@ class ImageManipulationElement extends AbstractFormElement ); } - $content .= '<p class="text-muted"><em>' . $languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.supported-types-message', true) . '<br />'; + $content .= '<p class="text-muted"><em>' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.supported-types-message')) . '<br />'; $content .= mb_strtoupper(implode(', ', GeneralUtility::trimExplode(',', $config['allowedExtensions']))); $content .= '</em></p>'; 
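Review bot: In the first hunk the ratio labels are HTML-escaped when they are written back into `$config['ratios']`, well before the point where that array is emitted. The sink is not visible here. If the array is later JSON-encoded into an attribute that is itself passed through `htmlspecialchars()`, the labels end up double-encoded, and if client code inserts them as text the entities are shown literally. I would keep the raw `$languageService->sL($label)` in the array and encode once at the output site, or at least add a comment on the loop such as `// labels are stored HTML-encoded; do not encode again when rendering`.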
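Review bot: In the third hunk (`@@ -139,7`) the extension list on the line after the changed one, `mb_strtoupper(implode(', ', GeneralUtility::trimExplode(',', $config['allowedExtensions'])))`, is appended inside the `<em>` unescaped, while the label next to it is now escaped. `allowedExtensions` is field configuration, so exposure is limited to whoever can author that configuration. For consistency I would still wrap it: `$content .= htmlspecialchars(mb_strtoupper(implode(', ', GeneralUtility::trimExplode(',', $config['allowedExtensions']))));`. InlineControlContainer's `@@ -523,7` hunk prints `strtoupper($allowedItem)` into a `<span>` the same way.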
@@ -245,13 +245,13 @@ class ImageManipulationElement extends AbstractFormElement $content .= '<div class="table-fit-block table-spacer-wrap">'; $content .= '<table class="table table-no-borders t3js-image-manipulation-info' . ($imageManipulation === null ? ' hide' : '') . '">'; - $content .= '<tr><td>' . $languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.crop-x', true) . '</td>'; + $content .= '<tr><td>' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.crop-x')) . '</td>'; $content .= '<td class="t3js-image-manipulation-info-crop-x">' . $x . 'px</td></tr>'; - $content .= '<tr><td>' . $languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.crop-y', true) . '</td>'; + $content .= '<tr><td>' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.crop-y')) . '</td>'; $content .= '<td class="t3js-image-manipulation-info-crop-y">' . $y . 'px</td></tr>'; - $content .= '<tr><td>' . $languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.crop-width', true) . '</td>'; + $content .= '<tr><td>' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.crop-width')) . '</td>'; $content .= '<td class="t3js-image-manipulation-info-crop-width">' . $width . 'px</td></tr>'; - $content .= '<tr><td>' . $languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.crop-height', true) . '</td>'; + $content .= '<tr><td>' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_wizards.xlf:imwizard.crop-height')) . '</td>'; $content .= '<td class="t3js-image-manipulation-info-crop-height">' . $height . 'px</td></tr>'; $content .= '</table>'; $content .= '</div>'; diff --git a/typo3/sysext/backend/Classes/Form/Element/SelectCheckBoxElement.php b/typo3/sysext/backend/Classes/Form/Element/SelectCheckBoxElement.php index 2f20727e54aa5bb3ca0d2e862cd513e6713c4ec1..04b2d12023669069f71e0477f8bc7b7da0ddeb74 100644 
--- a/typo3/sysext/backend/Classes/Form/Element/SelectCheckBoxElement.php +++ b/typo3/sysext/backend/Classes/Form/Element/SelectCheckBoxElement.php @@ -156,7 +156,7 @@ class SelectCheckBoxElement extends AbstractFormElement $resetGroupBtn = ''; if (!empty($resetGroup)) { $resetGroup[] = 'TYPO3.FormEngine.updateCheckboxState(this);'; - $title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.revertSelection', true); + $title = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.revertSelection')); $resetGroupBtn = '<a href="#" ' . 'class="btn btn-default btn-sm" ' . 'onclick="' . implode('', $resetGroup) . ' return false;" ' diff --git a/typo3/sysext/backend/Classes/Form/Element/SelectSingleBoxElement.php b/typo3/sysext/backend/Classes/Form/Element/SelectSingleBoxElement.php index 12ca652f23d7ff455ce756e25274e4b8aa0ab8be..9d8e2e6c1cc6850e9972cbc845f558c650b0a02b 100644 --- a/typo3/sysext/backend/Classes/Form/Element/SelectSingleBoxElement.php +++ b/typo3/sysext/backend/Classes/Form/Element/SelectSingleBoxElement.php @@ -87,7 +87,7 @@ class SelectSingleBoxElement extends AbstractFormElement '</div>', '</div>', '<p>', - '<em>' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.holdDownCTRL', true) . '</em>', + '<em>' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.holdDownCTRL')) . '</em>', '</p>', ]); $html = implode(LF, $html); diff --git a/typo3/sysext/backend/Classes/Form/Wizard/SuggestWizard.php b/typo3/sysext/backend/Classes/Form/Wizard/SuggestWizard.php index 1e51fb5f29d389e25904c9c8f462df322b6f101f..2003273d1e16438fdc28c3209f8cac1acb55e924 100644 --- a/typo3/sysext/backend/Classes/Form/Wizard/SuggestWizard.php +++ b/typo3/sysext/backend/Classes/Form/Wizard/SuggestWizard.php 
@@ -83,7 +83,7 @@ class SuggestWizard <div class="input-group"> <span class="input-group-addon">' . $iconFactory->getIcon('actions-search', Icon::SIZE_SMALL)->render() . '</span> <input type="search" class="t3-form-suggest form-control" - placeholder="' . $languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.findRecord', true) . '" + placeholder="' . htmlspecialchars($languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.findRecord')) . '" data-fieldname="' . htmlspecialchars($fieldname) . '" data-table="' . htmlspecialchars($table) . '" data-field="' . htmlspecialchars($field) . '" diff --git a/typo3/sysext/backend/Classes/History/RecordHistory.php b/typo3/sysext/backend/Classes/History/RecordHistory.php index 0ac81c5d06478a85e43b94db3c44feaf5cb5232e..f54c76386aa6a932cf122aa1bc702886207d3e97 100644 --- a/typo3/sysext/backend/Classes/History/RecordHistory.php +++ b/typo3/sysext/backend/Classes/History/RecordHistory.php @@ -459,7 +459,7 @@ class RecordHistory // Re-write field names with labels $tmpFieldList = explode(',', $entry['fieldlist']); foreach ($tmpFieldList as $key => $value) { - $tmp = str_replace(':', '', $languageService->sL(BackendUtility::getItemLabel($entry['tablename'], $value), true)); + $tmp = str_replace(':', '', htmlspecialchars($languageService->sL(BackendUtility::getItemLabel($entry['tablename'], $value)))); if ($tmp) { $tmpFieldList[$key] = $tmp; } else { @@ -563,7 +563,7 @@ class RecordHistory ); $lines[] = array( 'title' => ($rollbackUid ? $this->createRollbackLink(($table . ':' . $rollbackUid . ':' . $fN), htmlspecialchars($languageService->getLL('revertField')), 2) : '') . ' - ' . $languageService->sL(BackendUtility::getItemLabel($table, $fN), true), + ' . htmlspecialchars($languageService->sL(BackendUtility::getItemLabel($table, $fN))), 'result' => str_replace('\n', PHP_EOL, str_replace('\r\n', '\n', $diffres)) ); } 
diff --git a/typo3/sysext/backend/Classes/Tree/Pagetree/Commands.php b/typo3/sysext/backend/Classes/Tree/Pagetree/Commands.php index 363a3368baaee4c5fe4a68b9f09032e02a6a1ef1..6008960cab01b4627c045cd280fd6bc8ed4af487 100644 --- a/typo3/sysext/backend/Classes/Tree/Pagetree/Commands.php +++ b/typo3/sysext/backend/Classes/Tree/Pagetree/Commands.php @@ -175,7 +175,7 @@ class Commands $data['pages'][$placeholder]['pid'] = $pid; $data['pages'][$placeholder]['doktype'] = $pageType; - $data['pages'][$placeholder]['title'] = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:tree.defaultPageTitle', true); + $data['pages'][$placeholder]['title'] = htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:tree.defaultPageTitle')); $newPageId = self::processTceCmdAndDataMap(array(), $data); $node = self::getNode($newPageId[$placeholder]); if ($pid !== $targetId) { @@ -327,7 +327,7 @@ class Commands $text = $record['nav_title']; } if (trim($text) === '') { - $visibleText = '[' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title', true) . ']'; + $visibleText = '[' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title')) . ']'; } else { $visibleText = $text; } diff --git a/typo3/sysext/backend/Classes/Tree/Pagetree/ExtdirectTreeDataProvider.php b/typo3/sysext/backend/Classes/Tree/Pagetree/ExtdirectTreeDataProvider.php index 9559a838d28b2b024ea7d0eb61c7bf11916ef0dd..738528a8c5edc369c5ccc6b288a31761d26d0eb6 100644 --- a/typo3/sysext/backend/Classes/Tree/Pagetree/ExtdirectTreeDataProvider.php +++ b/typo3/sysext/backend/Classes/Tree/Pagetree/ExtdirectTreeDataProvider.php 
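Review bot: The first hunk HTML-escapes the default page title before it is placed in `$data['pages'][$placeholder]['title']` and handed to `processTceCmdAndDataMap()`, so the encoding is applied to a value that is presumably about to be persisted rather than rendered. That preserves the old `sL(..., true)` behaviour, but a translation containing `&`, `<` or a quote would be stored as entities and encoded a second time wherever the title is output with proper escaping. I would store the raw label, `$data['pages'][$placeholder]['title'] = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:tree.defaultPageTitle');`, and leave encoding to the output side. In the second hunk the `else` branch assigns `$visibleText = $text;` unescaped while the fallback label is escaped; whether `$text` is encoded earlier is not visible here.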
@@ -141,7 +141,7 @@ class ExtdirectTreeDataProvider extends \TYPO3\CMS\Backend\Tree\AbstractExtJsTre if (!$isAdmin && !in_array($doktype, $allowedDoktypes)) { continue; } - $label = $GLOBALS['LANG']->sL($doktypeLabelMap[$doktype], true); + $label = htmlspecialchars($GLOBALS['LANG']->sL($doktypeLabelMap[$doktype])); $icon = $this->iconFactory->getIcon($GLOBALS['TCA']['pages']['ctrl']['typeicon_classes'][$doktype], Icon::SIZE_SMALL)->render(); $output[] = array( 'nodeType' => $doktype, 
@@ -182,20 +182,20 @@ class ExtdirectTreeDataProvider extends \TYPO3\CMS\Backend\Tree\AbstractExtJsTre $indicators = $this->getIndicators(); $configuration = array( 'LLL' => array( - 'copyHint' => $GLOBALS['LANG']->sL($file . 'tree.copyHint', true), - 'fakeNodeHint' => $GLOBALS['LANG']->sL($file . 'mess.please_wait', true), - 'activeFilterMode' => $GLOBALS['LANG']->sL($file . 'tree.activeFilterMode', true), - 'dropToRemove' => $GLOBALS['LANG']->sL($file . 'tree.dropToRemove', true), - 'buttonRefresh' => $GLOBALS['LANG']->sL($file . 'labels.refresh', true), - 'buttonNewNode' => $GLOBALS['LANG']->sL($file . 'tree.buttonNewNode', true), - 'buttonFilter' => $GLOBALS['LANG']->sL($file . 'tree.buttonFilter', true), - 'dropZoneElementRemoved' => $GLOBALS['LANG']->sL($file . 'tree.dropZoneElementRemoved', true), - 'dropZoneElementRestored' => $GLOBALS['LANG']->sL($file . 'tree.dropZoneElementRestored', true), - 'searchTermInfo' => $GLOBALS['LANG']->sL($file . 'tree.searchTermInfo', true), - 'temporaryMountPointIndicatorInfo' => $GLOBALS['LANG']->sL($file . 'labels.temporaryDBmount', true), - 'deleteDialogTitle' => $GLOBALS['LANG']->sL('LLL:EXT:backend/Resources/Private/Language/locallang_layout.xlf:deleteItem', true), - 'deleteDialogMessage' => $GLOBALS['LANG']->sL('LLL:EXT:backend/Resources/Private/Language/locallang_layout.xlf:deleteWarning', true), - 'recursiveDeleteDialogMessage' => $GLOBALS['LANG']->sL('LLL:EXT:backend/Resources/Private/Language/locallang_layout.xlf:recursiveDeleteWarning', true) + 'copyHint' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'tree.copyHint')), + 'fakeNodeHint' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'mess.please_wait')), + 'activeFilterMode' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'tree.activeFilterMode')), + 'dropToRemove' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'tree.dropToRemove')), + 'buttonRefresh' => htmlspecialchars($GLOBALS['LANG']->sL($file . 
'labels.refresh')), + 'buttonNewNode' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'tree.buttonNewNode')), + 'buttonFilter' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'tree.buttonFilter')), + 'dropZoneElementRemoved' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'tree.dropZoneElementRemoved')), + 'dropZoneElementRestored' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'tree.dropZoneElementRestored')), + 'searchTermInfo' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'tree.searchTermInfo')), + 'temporaryMountPointIndicatorInfo' => htmlspecialchars($GLOBALS['LANG']->sL($file . 'labels.temporaryDBmount')), + 'deleteDialogTitle' => htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:backend/Resources/Private/Language/locallang_layout.xlf:deleteItem')), + 'deleteDialogMessage' => htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:backend/Resources/Private/Language/locallang_layout.xlf:deleteWarning')), + 'recursiveDeleteDialogMessage' => htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:backend/Resources/Private/Language/locallang_layout.xlf:recursiveDeleteWarning')) ), 'Configuration' => array( 'hideFilter' => $GLOBALS['BE_USER']->getTSConfigVal('options.pageTree.hideFilter'), diff --git a/typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php b/typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php index 6d6311a8de35d011baa646eb6ffd2e92995e8a66..200e640d6f5f3eaba92c4326f6f928a64af28e7a 100644 --- a/typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php +++ b/typo3/sysext/backend/Classes/Tree/View/AbstractTreeView.php 
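Review bot: The fourteen strings in the `'LLL'` array are HTML-escaped on the server, although the array looks like configuration handed to the client-side page tree rather than markup written out here. HTML escaping is only right if the script inserts these labels as HTML; if it sets them as text or uses them in a dialog title, users see literal `&amp;` and `&quot;`, and if it builds markup itself the encoding decision is split across two layers. The consumer is not visible in this hunk, so I would at least state the contract above the array, e.g. `// Labels are HTML-escaped here because the tree inserts them as markup; do not escape again on the client`. The method body starts and ends outside the hunk.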
@@ -685,7 +685,7 @@ abstract class AbstractTreeView public function getTitleStr($row, $titleLen = 30) { $title = htmlspecialchars(GeneralUtility::fixed_lgd_cs($row['title'], $titleLen)); - $title = trim($row['title']) === '' ? '<em>[' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title', true) . ']</em>' : $title; + $title = trim($row['title']) === '' ? '<em>[' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title')) . ']</em>' : $title; return $title; } diff --git a/typo3/sysext/backend/Classes/Tree/View/PagePositionMap.php b/typo3/sysext/backend/Classes/Tree/View/PagePositionMap.php index 80d652419df03166f786bfc0370be9e5d407a4e9..e2b37cc0c76a60cfd0aec0a5fee3991a8f3322bf 100644 --- a/typo3/sysext/backend/Classes/Tree/View/PagePositionMap.php +++ b/typo3/sysext/backend/Classes/Tree/View/PagePositionMap.php @@ -412,7 +412,7 @@ class PagePositionMap $head = ''; foreach ($tcaItems as $item) { if ($item[1] == $columnKey) { - $head = $this->getLanguageService()->sL($item[0], true); + $head = htmlspecialchars($this->getLanguageService()->sL($item[0])); } } // Render the grid cell @@ -451,7 +451,7 @@ class PagePositionMap $row = ''; foreach ($colPosArray as $kk => $vv) { $row .= '<td class="col-nowrap col-min" width="' . round(100 / $count) . '%">'; - $row .= '<p><strong>' . $this->wrapColumnHeader($this->getLanguageService()->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $vv), true), $vv) . '</strong></p>'; + $row .= '<p><strong>' . $this->wrapColumnHeader(htmlspecialchars($this->getLanguageService()->sL(BackendUtility::getLabelFromItemlist('tt_content', 'colPos', $vv))), $vv) . '</strong></p>'; if (!empty($lines[$vv])) { $row .= '<ul class="list-unstyled">'; foreach ($lines[$vv] as $line) { 
diff --git a/typo3/sysext/backend/Classes/Tree/View/PageTreeView.php b/typo3/sysext/backend/Classes/Tree/View/PageTreeView.php index 42158b7277e722da1e84397b38370418dc311fae..a91fa9e4e5b92131ef96746ce907bead52dd1017 100644 --- a/typo3/sysext/backend/Classes/Tree/View/PageTreeView.php +++ b/typo3/sysext/backend/Classes/Tree/View/PageTreeView.php @@ -126,7 +126,7 @@ class PageTreeView extends AbstractTreeView { $lang = $this->getLanguageService(); if ($this->ext_showNavTitle && isset($row['nav_title']) && trim($row['nav_title']) !== '') { - $title = '<span title="' . $lang->sL('LLL:EXT:lang/locallang_tca.xlf:title', true) . ' ' + $title = '<span title="' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_tca.xlf:title')) . ' ' . htmlspecialchars(trim($row['title'])) . '">' . htmlspecialchars(GeneralUtility::fixed_lgd_cs($row['nav_title'], $titleLen)) . '</span>'; @@ -134,12 +134,12 @@ class PageTreeView extends AbstractTreeView $title = htmlspecialchars(GeneralUtility::fixed_lgd_cs($row['title'], $titleLen)); if (isset($row['nav_title']) && trim($row['nav_title']) !== '') { $title = '<span title="' - . $lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.nav_title', true) + . htmlspecialchars($lang->sL('LLL:EXT:frontend/Resources/Private/Language/locallang_tca.xlf:pages.nav_title')) . ' ' . htmlspecialchars(trim($row['nav_title'])) . '">' . $title . '</span>'; } $title = trim($row['title']) === '' - ? '<em>[' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title', true) . ']</em>' + ? '<em>[' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title')) . ']</em>' : $title; } return $title; diff --git a/typo3/sysext/backend/Classes/View/PageLayoutView.php b/typo3/sysext/backend/Classes/View/PageLayoutView.php index 3044c1ba51c8caaf007440321550596343cdccf1..d85c5ede39c8d73ea90dc3d8e9986370be2787e7 100644 --- a/typo3/sysext/backend/Classes/View/PageLayoutView.php 
+++ b/typo3/sysext/backend/Classes/View/PageLayoutView.php @@ -409,11 +409,11 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe if (substr($field, 0, 6) == 'table_') { $f2 = substr($field, 6); if ($GLOBALS['TCA'][$f2]) { - $theData[$field] = ' ' . '<span title="' . $this->getLanguageService()->sL($GLOBALS['TCA'][$f2]['ctrl']['title'], true) . '">' . $this->iconFactory->getIconForRecord($f2, array(), Icon::SIZE_SMALL)->render() . '</span>'; + $theData[$field] = ' ' . '<span title="' . htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA'][$f2]['ctrl']['title'])) . '">' . $this->iconFactory->getIconForRecord($f2, array(), Icon::SIZE_SMALL)->render() . '</span>'; } } else { $theData[$field] = ' <strong>' - . $this->getLanguageService()->sL($GLOBALS['TCA']['pages']['columns'][$field]['label'], true) + . htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA']['pages']['columns'][$field]['label'])) . '</strong>' . $eI; } } @@ -809,7 +809,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe $viewLink = ''; if (!VersionState::cast($this->getPageLayoutController()->pageinfo['t3ver_state'])->equals(VersionState::DELETE_PLACEHOLDER)) { $onClick = BackendUtility::viewOnClick($this->id, '', BackendUtility::BEgetRootLine($this->id), '', '', ('&L=' . $lP)); - $viewLink = '<a href="#" class="btn btn-default btn-sm" onclick="' . htmlspecialchars($onClick) . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', true) . '">' . $this->iconFactory->getIcon('actions-view', Icon::SIZE_SMALL)->render() . '</a>'; + $viewLink = '<a href="#" class="btn btn-default btn-sm" onclick="' . htmlspecialchars($onClick) . '" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage')) . '">' . $this->iconFactory->getIcon('actions-view', Icon::SIZE_SMALL)->render() . '</a>'; } // Language overlay page header: if ($lP) { 
@@ -968,7 +968,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe $theData = array(); $theData = $this->headerFields($this->fieldArray, $table, $theData); // Title row - $localizedTableTitle = $this->getLanguageService()->sL($GLOBALS['TCA'][$table]['ctrl']['title'], true); + $localizedTableTitle = htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA'][$table]['ctrl']['title'])); $out .= '<tr><th class="col-icon"></th>' . '<th colspan="' . (count($theData) - 2) . '"><span class="c-table">' . $localizedTableTitle . '</span> (' . $dbCount . ')</td>' . '<td class="col-icon"></td>' @@ -1115,7 +1115,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe public function headerFields($fieldArr, $table, $out = array()) { foreach ($fieldArr as $fieldName) { - $ll = $this->getLanguageService()->sL($GLOBALS['TCA'][$table]['columns'][$fieldName]['label'], true); + $ll = htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA'][$table]['columns'][$fieldName]['label'])); $out[$fieldName] = $ll ? $ll : ' '; } return $out; @@ -1543,7 +1543,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe $hiddenHeaderNote = ''; // If header layout is set to 'hidden', display an accordant note: if ($row['header_layout'] == 100) { - $hiddenHeaderNote = ' <em>[' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.hidden', true) . ']</em>'; + $hiddenHeaderNote = ' <em>[' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.hidden')) . ']</em>'; } $outHeader = $row['date'] ? htmlspecialchars($this->itemLabels['date'] . ' ' . BackendUtility::date($row['date'])) . '<br />' 
@@ -1672,13 +1672,13 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe } elseif (!empty($row['list_type'])) { $label = BackendUtility::getLabelFromItemListMerged($row['pid'], 'tt_content', 'list_type', $row['list_type']); if (!empty($label)) { - $out .= $this->linkEditContent('<strong>' . $this->getLanguageService()->sL($label, true) . '</strong>', $row) . '<br />'; + $out .= $this->linkEditContent('<strong>' . htmlspecialchars($this->getLanguageService()->sL($label)) . '</strong>', $row) . '<br />'; } else { $message = sprintf($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.noMatchingValue'), $row['list_type']); $out .= '<span class="label label-warning">' . htmlspecialchars($message) . '</span>'; } } elseif (!empty($row['select_key'])) { - $out .= $this->getLanguageService()->sL(BackendUtility::getItemLabel('tt_content', 'select_key'), true) + $out .= htmlspecialchars($this->getLanguageService()->sL(BackendUtility::getItemLabel('tt_content', 'select_key'))) . ' ' . $row['select_key'] . '<br />'; } else { $out .= '<strong>' . $this->getLanguageService()->getLL('noPluginSelected') . '</strong>'; 
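Review bot: In the `select_key` branch the label is now escaped, but `$row['select_key']`, a value taken from the content record, is still concatenated into `$out` as raw HTML on the next line. That line should read `. ' ' . htmlspecialchars($row['select_key']) . '<br />';` so that editor-supplied field content cannot inject markup into the page module. The final `else` has the same gap for `getLL('noPluginSelected')`, which is printed inside `<strong>` without `htmlspecialchars()` although other `getLL()` results in this commit are wrapped. The enclosing method starts and ends outside the hunk.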
@@ -2235,16 +2235,16 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe if ($c || $tName === 'tt_content') { // Add row to menu: $out .= ' - <td><a href="#' . $tName . '" title="' . $this->getLanguageService()->sL($GLOBALS['TCA'][$tName]['ctrl']['title'], true) . '"></a>' + <td><a href="#' . $tName . '" title="' . htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA'][$tName]['ctrl']['title'])) . '"></a>' . $this->iconFactory->getIconForRecord($tName, array(), Icon::SIZE_SMALL)->render() . '</td>'; // ... and to the internal array, activeTables we also add table icon and title (for use elsewhere) - $title = $this->getLanguageService()->sL($GLOBALS['TCA'][$tName]['ctrl']['title'], true) + $title = htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA'][$tName]['ctrl']['title'])) . ': ' . $c . ' ' . htmlspecialchars($this->getLanguageService()->getLL('records')); $this->activeTables[$tName] = '<span title="' . $title . '">' . $this->iconFactory->getIconForRecord($tName, array(), Icon::SIZE_SMALL)->render() . '</span>' - . ' ' . $this->getLanguageService()->sL($GLOBALS['TCA'][$tName]['ctrl']['title'], true); + . ' ' . htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA'][$tName]['ctrl']['title'])); } } } diff --git a/typo3/sysext/core/Classes/Database/QueryView.php b/typo3/sysext/core/Classes/Database/QueryView.php index d4ed78b7d4c1bb9dacda7e12e5c844b589f51208..6e1e8e79505e31b38c67b4251a8ff9576ab2ff44 100644 --- a/typo3/sysext/core/Classes/Database/QueryView.php +++ b/typo3/sysext/core/Classes/Database/QueryView.php 
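Review bot: The same escaped table title is now built three times in this hunk, for the `title` attribute of the menu link, for `$title`, and for the text appended to `$this->activeTables[$tName]`. Computing it once keeps the escaping in one place and makes it harder for a later edit to drop the wrapper on one of the copies: `$tableTitle = htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA'][$tName]['ctrl']['title']));`. `$tName` is also written into `href="#…"` without escaping; it is a TCA table key, so the risk looks low, but `htmlspecialchars($tName)` would keep the attribute consistent with the rest of the line. The loop this code sits in starts outside the hunk.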
@@ -614,7 +614,7 @@ class QueryView $markup = []; $markup[] = '<div class="panel panel-default">'; $markup[] = ' <div class="panel-heading">'; - $markup[] = $this->languageService->sL($conf['ctrl']['title'], true) . ' (' . $count . ')'; + $markup[] = htmlspecialchars($this->languageService->sL($conf['ctrl']['title'])) . ' (' . $count . ')'; $markup[] = ' </div>'; $markup[] = ' <table class="table table-striped table-hover">'; $markup[] = $this->resultRowTitles($lrow, $conf, $table); @@ -1146,7 +1146,7 @@ class QueryView ? $conf['columns'][$fieldName]['label'] : $fieldName, true); } else { - $title = $this->languageService->sL($fieldName, true); + $title = htmlspecialchars($this->languageService->sL($fieldName)); } $tableHeader[] = '<th>' . $title . '</th>'; } @@ -1179,7 +1179,7 @@ class QueryView ? $conf['columns'][$fieldName]['label'] : $fieldName, true); } else { - $out = $this->languageService->sL($fieldName, true); + $out = htmlspecialchars($this->languageService->sL($fieldName)); } } else { if ($GLOBALS['SOBE']->MOD_SETTINGS['search_result_labels']) { @@ -1187,7 +1187,7 @@ class QueryView ? $conf['columns'][$fieldName]['label'] : $fieldName), true); } else { - $out .= ',' . $this->languageService->sL($fieldName, true); + $out .= ',' . htmlspecialchars($this->languageService->sL($fieldName)); } } } diff --git a/typo3/sysext/core/Classes/Resource/Hook/FileInfoHook.php b/typo3/sysext/core/Classes/Resource/Hook/FileInfoHook.php index 7e30681caf5916a8adc8bb27e91def8f4c4571b7..10aca1abad8728eccfa05b5125d84f9dfbd77961 100644 --- a/typo3/sysext/core/Classes/Resource/Hook/FileInfoHook.php +++ b/typo3/sysext/core/Classes/Resource/Hook/FileInfoHook.php 
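Review bot: The `search_result_labels` branches directly above the changed lines in the hunks at -1146, -1179 and -1187 still end in `: $fieldName, true);`, so they appear to keep relying on the boolean escape flag that this commit replaces everywhere else. The call those lines belong to starts outside the hunks, so this is inferred from the context lines; if it is `sL()`, the two branches of the same `if` now escape in different ways, and the label branch would silently lose its escaping once the flag is dropped. I would convert them in the same commit by wrapping the call in `htmlspecialchars(...)` and removing `, true`.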
@@ -88,11 +88,11 @@ class FileInfoHook $content .= '<strong>' . htmlspecialchars($file->getName()) . '</strong>'; $content .= ' (' . htmlspecialchars(GeneralUtility::formatSize($file->getSize())) . 'bytes)<br />'; $content .= BackendUtility::getProcessedValue('sys_file', 'type', $file->getType()) . ' (' . $file->getMimeType() . ')<br />'; - $content .= $lang->sL('LLL:EXT:lang/locallang_misc.xlf:fileMetaDataLocation', true) . ': '; + $content .= htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_misc.xlf:fileMetaDataLocation')) . ': '; $content .= htmlspecialchars($file->getStorage()->getName()) . ' - ' . htmlspecialchars($file->getIdentifier()) . '<br />'; $content .= '<br />'; } else { - $content = '<h2>' . $lang->sL('LLL:EXT:lang/locallang_misc.xlf:fileMetaErrorInvalidRecord', true) . '</h2>'; + $content = '<h2>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_misc.xlf:fileMetaErrorInvalidRecord')) . '</h2>'; } return $content; diff --git a/typo3/sysext/core/Classes/Resource/Utility/ListUtility.php b/typo3/sysext/core/Classes/Resource/Utility/ListUtility.php index a99a7d2c7ad9205d8fcd3ecda26adb8ed6ceb9ed..9d93c01732851583fab5c1caae90f5d44533db43 100644 --- a/typo3/sysext/core/Classes/Resource/Utility/ListUtility.php +++ b/typo3/sysext/core/Classes/Resource/Utility/ListUtility.php @@ -39,7 +39,7 @@ class ListUtility $name = $folder->getName(); $role = $folder->getRole(); if ($role !== FolderInterface::ROLE_DEFAULT) { - $tempName = $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:role_folder_' . $role, true); + $tempName = htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:role_folder_' . $role)); if (!empty($tempName) && ($tempName !== $name)) { // Set new name and append original name $name = $tempName . ' (' . $name . ')'; 
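Review bot: `$file->getMimeType()` is appended to `$content` without `htmlspecialchars()`, while the file name, size, storage name and identifier around it are all escaped. The MIME type is file metadata and should not be assumed markup-safe; the line should use `' (' . htmlspecialchars($file->getMimeType()) . ')<br />'`. `BackendUtility::getProcessedValue('sys_file', 'type', …)` on the same line is also emitted as returned, and whether it already escapes its result cannot be seen from this hunk, so that needs confirming.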
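Review bot: In the ListUtility hunk `$tempName` is HTML-escaped and then joined with the raw folder name in `$name = $tempName . ' (' . $name . ')';`, so the resulting string is half escaped. A caller that escapes the result double-encodes the role label, and a caller that prints it as-is emits the folder name unescaped; the comparison `$tempName !== $name` also compares an escaped string with a raw one. Keeping the value raw here, `$tempName = $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:role_folder_' . $role);`, and escaping once where the name is rendered avoids both; the callers are outside the hunk, so check how they output it.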
diff --git a/typo3/sysext/extensionmanager/Classes/ViewHelpers/Form/TypoScriptConstantsViewHelper.php b/typo3/sysext/extensionmanager/Classes/ViewHelpers/Form/TypoScriptConstantsViewHelper.php index 28fa91cb30e2ecc0e451b555e48a65fb15298c42..09aa2181519ee816f51d7ca286c8bedc79e026db 100644 --- a/typo3/sysext/extensionmanager/Classes/ViewHelpers/Form/TypoScriptConstantsViewHelper.php +++ b/typo3/sysext/extensionmanager/Classes/ViewHelpers/Form/TypoScriptConstantsViewHelper.php @@ -170,7 +170,7 @@ class TypoScriptConstantsViewHelper extends \TYPO3\CMS\Fluid\Core\ViewHelper\Abs if ($configuration->getValue() == $value) { $output .= ' selected="selected"'; } - $output .= '>' . $GLOBALS['LANG']->sL($label, true) . '</option>'; + $output .= '>' . htmlspecialchars($GLOBALS['LANG']->sL($label)) . '</option>'; } $this->tag->setContent($output); return $this->tag->render(); diff --git a/typo3/sysext/felogin/Classes/Hooks/CmsLayout.php b/typo3/sysext/felogin/Classes/Hooks/CmsLayout.php index acad87e6d4a398be9ca14a1685b6e2baf0bd6b73..14ae42d119fd32065cf57c64766f0e2e355d3cfc 100644 --- a/typo3/sysext/felogin/Classes/Hooks/CmsLayout.php +++ b/typo3/sysext/felogin/Classes/Hooks/CmsLayout.php @@ -34,7 +34,7 @@ class CmsLayout implements \TYPO3\CMS\Backend\View\PageLayoutViewDrawItemHookInt { if ($row['CType'] === 'login') { $drawItem = false; - $itemContent .= $parentObject->linkEditContent('<strong>' . $GLOBALS['LANG']->sL('LLL:EXT:backend/Resources/Private/Language/locallang_db_new_content_el.xlf:forms_login_title', true) . '</strong>', $row); + $itemContent .= $parentObject->linkEditContent('<strong>' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:backend/Resources/Private/Language/locallang_db_new_content_el.xlf:forms_login_title')) . '</strong>', $row); } } } diff --git a/typo3/sysext/filelist/Classes/FileList.php b/typo3/sysext/filelist/Classes/FileList.php index 6f8a98ba833fb3f86872ebca6866d702b0a0eea2..7c40ee37853b4534d3b2354dd1801faee10a95ed 100644 
--- a/typo3/sysext/filelist/Classes/FileList.php +++ b/typo3/sysext/filelist/Classes/FileList.php @@ -463,7 +463,7 @@ class FileList extends AbstractRecordList $parentFolder = $currentFolder->getParentFolder(); if ($parentFolder->getIdentifier() !== $currentFolder->getIdentifier() && $currentStorage->isWithinFileMountBoundaries($parentFolder)) { $levelUp = $this->linkWrapDir( - '<span title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.upOneLevel', true) . '">' + '<span title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.upOneLevel')) . '">' . $this->iconFactory->getIcon('actions-view-go-up', Icon::SIZE_SMALL)->render() . '</span>', $parentFolder @@ -864,8 +864,8 @@ class FileList extends AbstractRecordList // For normal clipboard, add copy/cut buttons: if ($this->clipObj->current === 'normal') { $isSel = $this->clipObj->isSelected('_FILE', $md5); - $copyTitle = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.copy', true); - $cutTitle = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut', true); + $copyTitle = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.copy')); + $cutTitle = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut')); $copyIcon = $this->iconFactory->getIcon('actions-edit-copy', Icon::SIZE_SMALL)->render(); $cutIcon = $this->iconFactory->getIcon('actions-edit-cut', Icon::SIZE_SMALL)->render(); diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/Be/PagePathViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/Be/PagePathViewHelper.php index 742250395a4aed3b65bce8240d0ddedd88a44149..9865ddbef5bc4d03db3a03a6ba5da26d3707b66b 100644 --- a/typo3/sysext/fluid/Classes/ViewHelpers/Be/PagePathViewHelper.php +++ b/typo3/sysext/fluid/Classes/ViewHelpers/Be/PagePathViewHelper.php 
@@ -66,7 +66,7 @@ class PagePathViewHelper extends AbstractBackendViewHelper $title = $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']; } // Setting the path of the page - $pagePath = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.path', true) . ': <span class="typo3-docheader-pagePath">'; + $pagePath = htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.path')) . ': <span class="typo3-docheader-pagePath">'; // crop the title to title limit (or 50, if not defined) $cropLength = empty($GLOBALS['BE_USER']->uc['titleLen']) ? 50 : $GLOBALS['BE_USER']->uc['titleLen']; $croppedTitle = GeneralUtility::fixed_lgd_cs($title, -$cropLength); diff --git a/typo3/sysext/impexp/Classes/ImportExport.php b/typo3/sysext/impexp/Classes/ImportExport.php index 481ab980999de0825f0798cb080c45df4668e475..bcfa8f280b32b0f0ffc28358cf7fa6ee2dfe2d12 100644 --- a/typo3/sysext/impexp/Classes/ImportExport.php +++ b/typo3/sysext/impexp/Classes/ImportExport.php @@ -1175,7 +1175,7 @@ abstract class ImportExport foreach ($output as $fN => $state) { $tRows[] = ' <tr> - <td>' . $this->getLanguageService()->sL($GLOBALS['TCA'][$table]['columns'][$fN]['label'], true) . ' (' . htmlspecialchars($fN) . ')</td> + <td>' . htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA'][$table]['columns'][$fN]['label'])) . ' (' . htmlspecialchars($fN) . ')</td> <td>' . $state . '</td> </tr> '; diff --git a/typo3/sysext/impexp/Classes/View/ExportPageTreeView.php b/typo3/sysext/impexp/Classes/View/ExportPageTreeView.php index 027baba1aee7d3b9e4428644559b60e3ee0af0f3..f7fa51edc8960c1a1ee09c9d9916124279568f8c 100644 --- a/typo3/sysext/impexp/Classes/View/ExportPageTreeView.php +++ b/typo3/sysext/impexp/Classes/View/ExportPageTreeView.php 
@@ -45,7 +45,7 @@ class ExportPageTreeView extends BrowseTreeView */ public function wrapTitle($title, $row, $bank = 0) { - return trim($title) === '' ? '<em>[' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title', true) . ']</em>' : htmlspecialchars($title); + return trim($title) === '' ? '<em>[' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.no_title')) . ']</em>' : htmlspecialchars($title); } /** diff --git a/typo3/sysext/opendocs/Classes/Backend/ToolbarItems/OpendocsToolbarItem.php b/typo3/sysext/opendocs/Classes/Backend/ToolbarItems/OpendocsToolbarItem.php index f475294fb5049aa9b9985dc7d87ff5a50b86fa83..552cecbd65fe2b6121b8f0b269639057abac8708 100644 --- a/typo3/sysext/opendocs/Classes/Backend/ToolbarItems/OpendocsToolbarItem.php +++ b/typo3/sysext/opendocs/Classes/Backend/ToolbarItems/OpendocsToolbarItem.php @@ -158,7 +158,7 @@ class OpendocsToolbarItem implements ToolbarItemInterface } $onClickCode = 'jump(' . GeneralUtility::quoteJSvalue($link) . ', \'web_list\', \'web\', ' . $pageId . '); TYPO3.OpendocsMenu.toggleMenu(); return false;'; if (!$isRecentDoc) { - $title = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:rm.closeDoc', true); + $title = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:rm.closeDoc')); // Open document $closeIcon = $this->iconFactory->getIcon('actions-close', Icon::SIZE_SMALL)->render('inline'); $entry = ' diff --git a/typo3/sysext/recordlist/Classes/Browser/DatabaseBrowser.php b/typo3/sysext/recordlist/Classes/Browser/DatabaseBrowser.php index ee94f9b16df3d48b66b4da865afd144834c694e7..da4f4c432297d8c4a183a3f79d54f1568e5527cd 100644 --- a/typo3/sysext/recordlist/Classes/Browser/DatabaseBrowser.php +++ b/typo3/sysext/recordlist/Classes/Browser/DatabaseBrowser.php 
@@ -151,7 +151,7 @@ class DatabaseBrowser extends AbstractElementBrowser implements ElementBrowserIn return ''; } $link = '<p><a href="' . htmlspecialchars(GeneralUtility::linkThisScript(array('setTempDBmount' => 0))) . '" class="btn btn-primary">' - . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.temporaryDBmount', true) . '</a></p>'; + . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.temporaryDBmount')) . '</a></p>'; return $link; } diff --git a/typo3/sysext/recordlist/Classes/Browser/FileBrowser.php b/typo3/sysext/recordlist/Classes/Browser/FileBrowser.php index 8bd6ac1b30f705d0e8d1ea97252aae702ca34fcc..656a15fbfbe6f6860e55ac78d681b6988a3199d0 100644 --- a/typo3/sysext/recordlist/Classes/Browser/FileBrowser.php +++ b/typo3/sysext/recordlist/Classes/Browser/FileBrowser.php @@ -413,7 +413,7 @@ class FileBrowser extends AbstractElementBrowser implements ElementBrowserInterf $addParams, 'id="checkDisplayThumbs"' ) - . $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:displayThumbs', true) . '</label></div>'; + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:displayThumbs')) . '</label></div>'; $out .= $thumbNailCheck; } else { $out .= '<div style="padding-top: 15px;"></div>'; diff --git a/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php b/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php index 475b7cc4ffc39dc556a6f073cafca695ca212dd0..f981c091c0844f78db57e10f7b9b1a673fa5a805 100644 --- a/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php +++ b/typo3/sysext/recordlist/Classes/LinkHandler/PageLinkHandler.php 
@@ -227,7 +227,7 @@ class PageLinkHandler extends AbstractLinkHandler implements LinkHandlerInterfac return ''; } $link = '<p><a href="' . htmlspecialchars(GeneralUtility::linkThisScript(array('setTempDBmount' => 0))) . '" class="btn btn-primary">' - . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.temporaryDBmount', true) . '</a></p>'; + . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.temporaryDBmount')) . '</a></p>'; return $link; } diff --git a/typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php b/typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php index 2fbf470b332eabd6c1894f22d2e49d70a7553a9b..9c4a6d79d79ceb21ef99c7bc2274646e23b53f4b 100644 --- a/typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php +++ b/typo3/sysext/recordlist/Classes/View/FolderUtilityRenderer.php @@ -88,7 +88,7 @@ class FolderUtilityRenderer $markup[] = '<input type="hidden" name="redirect" value="' . htmlspecialchars($redirectValue) . '" />'; $markup[] = '</div><div class="col-xs-4">'; $markup[] = '<input class="btn btn-default" type="submit" name="submit" value="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:create_folder.submit', true) . '" />'; + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:create_folder.submit')) . '" />'; $markup[] = '</div></div></form>'; $markup[] = '</div>'; 
@@ -135,7 +135,7 @@ class FolderUtilityRenderer $markup[] = '<div class="element-browser-section element-browser-upload">'; $markup[] = ' <form action="' . htmlspecialchars($formAction) . '" method="post" name="editform" enctype="multipart/form-data">'; - $markup[] = ' <h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.pagetitle', true) . ':</h3>'; + $markup[] = ' <h3>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.pagetitle')) . ':</h3>'; $markup[] = ' <p><strong>' . htmlspecialchars($lang->getLL('path')) . ':</strong>' . htmlspecialchars($header) . '</p>'; // Traverse the number of upload fields: for ($a = 1; $a <= $count; $a++) { @@ -157,7 +157,7 @@ class FolderUtilityRenderer if (!empty($fileExtList)) { $markup[] = '<div class="form-group">'; $markup[] = ' <label>'; - $markup[] = $lang->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions', true) . '<br/>'; + $markup[] = htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:cm.allowedFileExtensions')) . '<br/>'; $markup[] = ' </label>'; $markup[] = ' <div class="form-control">'; $markup[] = implode(' ', $fileExtList); @@ -168,11 +168,11 @@ class FolderUtilityRenderer $markup[] = '<div class="checkbox">'; $markup[] = ' <label>'; $markup[] = ' <input type="checkbox" name="overwriteExistingFiles" id="overwriteExistingFiles" value="1" />'; - $markup[] = $lang->sL('LLL:EXT:lang/locallang_misc.xlf:overwriteExistingFiles', true); + $markup[] = htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_misc.xlf:overwriteExistingFiles')); $markup[] = ' </label>'; $markup[] = '</div>'; $markup[] = '<input class="btn btn-default" type="submit" name="submit" value="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.submit', true) . '" />'; + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:file_upload.php.submit')) . '" />'; $markup[] = ' </form>'; $markup[] = '</div>'; 
@@ -198,7 +198,7 @@ class FolderUtilityRenderer $markup[] = '<div class="element-browser-section element-browser-mediaurls">'; $markup[] = ' <form action="' . htmlspecialchars($formAction) . '" method="post" name="editform1" id="typo3-addMediaForm" enctype="multipart/form-data">'; - $markup[] = '<h3>' . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media', true) . ':</h3>'; + $markup[] = '<h3>' . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media')) . ':</h3>'; $markup[] = '<p><strong>' . htmlspecialchars($lang->getLL('path')) . ':</strong>' . htmlspecialchars($header) . '</p>'; $markup[] = '<div class="row form-group"><div class="col-xs-8">'; $markup[] = '<input type="hidden" name="file[newMedia][0][target]" value="' @@ -206,10 +206,10 @@ class FolderUtilityRenderer $markup[] = '<input type="hidden" name="file[newMedia][0][allowed]" value="' . htmlspecialchars(implode(',', $allowedExtensions)) . '" />'; $markup[] = '<input type="text" name="file[newMedia][0][url]" class="form-control" placeholder="' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.placeholder', true) . '" />'; + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.placeholder')) . '" />'; $markup[] = '</div><div class="col-xs-4">'; $markup[] = '<button class="btn btn-default">' - . $lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.submit', true) . '</button>'; + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_core.xlf:online_media.new_media.submit')) . '</button>'; $markup[] = '</div></div>'; $markup[] = '<div class="form-group">'; diff --git a/typo3/sysext/recycler/Classes/Task/CleanerFieldProvider.php b/typo3/sysext/recycler/Classes/Task/CleanerFieldProvider.php index f749dab4848e3a80608a4e81f4b54b75e873fd67..67c0a2afa30ec1f1f4a7e88f9bafcc14721f7024 100644 --- a/typo3/sysext/recycler/Classes/Task/CleanerFieldProvider.php 
+++ b/typo3/sysext/recycler/Classes/Task/CleanerFieldProvider.php @@ -125,7 +125,7 @@ class CleanerFieldProvider implements \TYPO3\CMS\Scheduler\AdditionalFieldProvid $validTca = true; } else { $schedulerModule->addMessage( - $this->getLanguageService()->sL('LLL:EXT:recycler/Resources/Private/Language/locallang_tasks.xlf:cleanerTaskErrorTCAempty', true), + $this->getLanguageService()->sL('LLL:EXT:recycler/Resources/Private/Language/locallang_tasks.xlf:cleanerTaskErrorTCAempty'), FlashMessage::ERROR ); $validTca = false; @@ -148,7 +148,7 @@ class CleanerFieldProvider implements \TYPO3\CMS\Scheduler\AdditionalFieldProvid if (!isset($GLOBALS['TCA'][$tcaTable])) { $checkTca = false; $schedulerModule->addMessage( - sprintf($this->getLanguageService()->sL('LLL:EXT:recycler/Resources/Private/Language/locallang_tasks.xlf:cleanerTaskErrorTCANotSet', true), $tcaTable), + sprintf($this->getLanguageService()->sL('LLL:EXT:recycler/Resources/Private/Language/locallang_tasks.xlf:cleanerTaskErrorTCANotSet'), $tcaTable), FlashMessage::ERROR ); break; @@ -173,7 +173,7 @@ class CleanerFieldProvider implements \TYPO3\CMS\Scheduler\AdditionalFieldProvid $validPeriod = true; } else { $schedulerModule->addMessage( - $this->getLanguageService()->sL('LLL:EXT:recycler/Resources/Private/Language/locallang_tasks.xlf:cleanerTaskErrorPeriod', true), + $this->getLanguageService()->sL('LLL:EXT:recycler/Resources/Private/Language/locallang_tasks.xlf:cleanerTaskErrorPeriod'), FlashMessage::ERROR ); $validPeriod = false; diff --git a/typo3/sysext/rtehtmlarea/Classes/ImageHandler/AddImageHandler.php b/typo3/sysext/rtehtmlarea/Classes/ImageHandler/AddImageHandler.php index e1327f2838fb4f3236fe3adb2c1b2bb6af0fedfa..21e46fb573408ef6af826c39485fb185cce326ad 100644 --- a/typo3/sysext/rtehtmlarea/Classes/ImageHandler/AddImageHandler.php +++ b/typo3/sysext/rtehtmlarea/Classes/ImageHandler/AddImageHandler.php 
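Review bot: The three `$schedulerModule->addMessage()` calls in this file (hunks at -125, -148 and -173) now pass the label with no escaping at all, unlike the rest of the commit, where `htmlspecialchars()` replaces the `true` flag. That is only safe if the flash message output path escapes the text when it is rendered, which is not visible here and should be confirmed. It matters most for the -148 hunk, where `$tcaTable` is interpolated through `sprintf()` and was not escaped before the change either. A comment above the first call would document the assumption: `// flash messages are escaped on output, so the label is passed raw`. The enclosing method bodies start and end outside the hunks.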
@@ -477,7 +477,7 @@ class AddImageHandler implements LinkParameterProviderInterface, LinkHandlerInte $addParams, 'id="checkDisplayThumbs"' ) - . $lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:displayThumbs', true) . '</label></div>'; + . htmlspecialchars($lang->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:displayThumbs')) . '</label></div>'; $out .= $thumbNailCheck; } else { $out .= '<div style="padding-top: 15px;"></div>'; diff --git a/typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php b/typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php index 12622c9f464912914e75f2bd385e629f28a1349f..a750789a1f2da32f2a428706e20f9f2c19e20c64 100644 --- a/typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php +++ b/typo3/sysext/scheduler/Classes/Controller/SchedulerModuleController.php @@ -1012,7 +1012,7 @@ class SchedulerModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClas foreach ($taskGroup['tasks'] as $schedulerRecord) { // Define action icons $link = htmlspecialchars($this->moduleUri . '&CMD=edit&tx_scheduler[uid]=' . $schedulerRecord['uid']); - $editAction = '<a class="btn btn-default" href="' . $link . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:edit', true) . '" class="icon">' . + $editAction = '<a class="btn btn-default" href="' . $link . '" title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:edit')) . '" class="icon">' . $this->moduleTemplate->getIconFactory()->getIcon('actions-document-open', Icon::SIZE_SMALL)->render() . '</a>'; if ((int)$schedulerRecord['disable'] === 1) { $translationKey = 'enable'; 
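Review bot: The `$editAction` anchor on the changed line in the hunk at -1012 carries two `class` attributes, `class="btn btn-default"` at the start and `class="icon"` before the closing `>`; HTML parsers keep only the first, so `icon` is silently dropped. The same pattern is on `$toggleHiddenAction`, `$deleteAction` and `$stopAction` in the following hunk at -1023. Since these lines are being touched anyway, merge them into one attribute, `class="btn btn-default icon"`, or remove the second one if the `icon` class is no longer wanted. The surrounding `foreach` body continues outside the hunk.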
@@ -1023,21 +1023,21 @@ class SchedulerModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClas } $toggleHiddenAction = '<a class="btn btn-default" href="' . htmlspecialchars($this->moduleUri . '&CMD=toggleHidden&tx_scheduler[uid]=' . $schedulerRecord['uid']) . '" title="' - . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:' . $translationKey, true) + . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:' . $translationKey)) . '" class="icon">' . $icon->render() . '</a>'; $deleteAction = '<a class="btn btn-default t3js-modal-trigger" href="' . htmlspecialchars($this->moduleUri . '&CMD=delete&tx_scheduler[uid]=' . $schedulerRecord['uid']) . '" ' . ' data-severity="warning"' - . ' data-title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:delete', true) . '"' - . ' data-button-close-text="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:cancel', true) . '"' + . ' data-title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:delete')) . '"' + . ' data-button-close-text="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:cancel')) . '"' . ' data-content="' . htmlspecialchars($this->getLanguageService()->getLL('msg.delete')) . '"' - . ' title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:delete', true) . '" class="icon">' . + . ' title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:delete')) . '" class="icon">' . $this->moduleTemplate->getIconFactory()->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render() . '</a>'; $stopAction = '<a class="btn btn-default t3js-modal-trigger" href="' . htmlspecialchars($this->moduleUri . '&CMD=stop&tx_scheduler[uid]=' . $schedulerRecord['uid']) . '" ' . ' data-severity="warning"' - . ' data-title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:stop', true) . 
'"' - . ' data-button-close-text="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:cancel', true) . '"' + . ' data-title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:stop')) . '"' + . ' data-button-close-text="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:cancel')) . '"' . ' data-content="' . htmlspecialchars($this->getLanguageService()->getLL('msg.stop')) . '"' - . ' title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:stop', true) . '" class="icon">' . + . ' title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:stop')) . '" class="icon">' . $this->moduleTemplate->getIconFactory()->getIcon('actions-document-close', Icon::SIZE_SMALL)->render() . '</a>'; $runAction = '<a class="btn btn-default" href="' . htmlspecialchars($this->moduleUri . '&tx_scheduler[execute][]=' . $schedulerRecord['uid']) . '" title="' . htmlspecialchars($this->getLanguageService()->getLL('action.run_task')) . '" class="icon">' . $this->moduleTemplate->getIconFactory()->getIcon('extensions-scheduler-run-task', Icon::SIZE_SMALL)->render() . '</a>'; diff --git a/typo3/sysext/sys_action/Classes/ActionTask.php b/typo3/sysext/sys_action/Classes/ActionTask.php index f275e93cf0dbccabaa6d0c297126b5031e8e74cb..707f30d2327f2c00d7703b8c68094ac55ef218fa 100644 --- a/typo3/sysext/sys_action/Classes/ActionTask.php +++ b/typo3/sysext/sys_action/Classes/ActionTask.php 
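Review bot: The labels `delete`, `cancel` and `stop` from `locallang_common.xlf` are each looked up and escaped twice in the hunk at -1023. The previous hunk suggests this code runs inside `foreach ($taskGroup['tasks'] as $schedulerRecord)`, so the work would repeat for every task row. Resolving them once before the loop, for example `$deleteLabel = htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:delete'));` and likewise for `cancel` and `stop`, shortens the attribute strings and leaves a single place where each label is escaped. The loop body starts and ends outside the hunk.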
@@ -707,7 +707,7 @@ class ActionTask implements \TYPO3\CMS\Taskcenter\TaskInterface $path = BackendUtility::getRecordPath($el['id'], $this->taskObject->perms_clause, $this->getBackendUser()->uc['titleLen']); $record = BackendUtility::getRecord($el['table'], $dbAnalysis->results[$el['table']][$el['id']]); $title = BackendUtility::getRecordTitle($el['table'], $dbAnalysis->results[$el['table']][$el['id']]); - $description = $this->getLanguageService()->sL($GLOBALS['TCA'][$el['table']]['ctrl']['title'], true); + $description = htmlspecialchars($this->getLanguageService()->sL($GLOBALS['TCA'][$el['table']]['ctrl']['title'])); // @todo: which information could be needful if (isset($record['crdate'])) { $description .= ' - ' . BackendUtility::dateTimeAge($record['crdate']); diff --git a/typo3/sysext/version/Classes/Controller/VersionModuleController.php b/typo3/sysext/version/Classes/Controller/VersionModuleController.php index 2148c35c668cd5d461add7988545cac86d631a82..b855833486c32e89d0f7778e86a8836692f70d77 100644 --- a/typo3/sysext/version/Classes/Controller/VersionModuleController.php +++ b/typo3/sysext/version/Classes/Controller/VersionModuleController.php 
@@ -239,7 +239,7 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass if ($this->recordFound && $GLOBALS['TCA'][$this->table]['ctrl']['versioningWS']) { // View page $buttons['view'] = ' - <a href="#" onclick="' . htmlspecialchars(BackendUtility::viewOnClick($this->pageinfo['uid'], '', BackendUtility::BEgetRootLine($this->pageinfo['uid']))) . '" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', true) . '"> + <a href="#" onclick="' . htmlspecialchars(BackendUtility::viewOnClick($this->pageinfo['uid'], '', BackendUtility::BEgetRootLine($this->pageinfo['uid']))) . '" title="' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage')) . '"> ' . $this->moduleTemplate->getIconFactory()->getIcon('actions-document-view', Icon::SIZE_SMALL)->render() . ' </a>'; // Shortcut @@ -383,7 +383,7 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass <td>' . $row['t3ver_count'] . '</td> <td>' . $row['pid'] . '</td> <td> - <a href="' . htmlspecialchars($editUrl) . '" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:cm.edit', true) . '"> + <a href="' . htmlspecialchars($editUrl) . '" title="' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:cm.edit')) . '"> ' . $this->moduleTemplate->getIconFactory()->getIcon('actions-document-open', Icon::SIZE_SMALL)->render() . ' </a>' . htmlspecialchars($row['t3ver_label']) . ' </td> 
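Review bot: In the hunk at -383 the cells `<td>' . $row['t3ver_count'] . '</td>` and `<td>' . $row['pid'] . '</td>` are still written into the table unescaped, right next to `htmlspecialchars($row['t3ver_label'])`. Both are presumably integer columns, so the risk is low, but an explicit cast makes the output safe regardless of how `$row` was fetched: `<td>' . (int)$row['t3ver_count'] . '</td>` and `<td>' . (int)$row['pid'] . '</td>`. The statement that builds this row starts and ends outside the hunk.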
@@ -455,7 +455,7 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass <table class="table"> <tr> <th class="col-icon">' . $this->moduleTemplate->getIconFactory()->getIconForRecord($table, array(), Icon::SIZE_SMALL)->render() . '</th> - <th class="col-title">' . $GLOBALS['LANG']->sL($GLOBALS['TCA'][$table]['ctrl']['title'], true) . '</th> + <th class="col-title">' . htmlspecialchars($GLOBALS['LANG']->sL($GLOBALS['TCA'][$table]['ctrl']['title'])) . '</th> <th></th> <th></th> </tr>'; 
@@ -522,9 +522,9 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass ], 'returnUrl' => GeneralUtility::getIndpEnv('REQUEST_URI') ]); - $adminLink = '<a class="btn btn-default" href="' . htmlspecialchars($editUrl) . '" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:cm.edit', true) . '">' . $this->moduleTemplate->getIconFactory()->getIcon('actions-document-open', Icon::SIZE_SMALL)->render() . '</a>'; + $adminLink = '<a class="btn btn-default" href="' . htmlspecialchars($editUrl) . '" title="' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:cm.edit')) . '">' . $this->moduleTemplate->getIconFactory()->getIcon('actions-document-open', Icon::SIZE_SMALL)->render() . '</a>'; // Delete link: - $adminLink .= '<a class="btn btn-default" href="' . htmlspecialchars(BackendUtility::getLinkToDataHandlerAction('&cmd[' . $table . '][' . $row['uid'] . '][delete]=1')) . '" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:cm.delete', true) . '">' . $this->moduleTemplate->getIconFactory()->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render() . '</a>'; + $adminLink .= '<a class="btn btn-default" href="' . htmlspecialchars(BackendUtility::getLinkToDataHandlerAction('&cmd[' . $table . '][' . $row['uid'] . '][delete]=1')) . '" title="' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:cm.delete')) . '">' . $this->moduleTemplate->getIconFactory()->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render() . '</a>'; if ($table === 'pages') { // If another page module was specified, replace the default Page module with the new one $newPageModule = trim($GLOBALS['BE_USER']->getTSConfigVal('options.overridePageModule')); diff --git a/typo3/sysext/version/Classes/View/VersionView.php b/typo3/sysext/version/Classes/View/VersionView.php index a231a06e1899aca375b443d24a989653d56bd957..e2c915fefb4dfe1ecbb05be70374144972da2ced 100644 
--- a/typo3/sysext/version/Classes/View/VersionView.php +++ b/typo3/sysext/version/Classes/View/VersionView.php @@ -53,9 +53,9 @@ class VersionView foreach ($versions as $vRow) { if ($vRow['uid'] == $onlineId) { // Live version - $label = '[' . $GLOBALS['LANG']->sL('LLL:EXT:version/Resources/Private/Language/locallang.xlf:versionSelect.live', true) . ']'; + $label = '[' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:version/Resources/Private/Language/locallang.xlf:versionSelect.live')) . ']'; } else { - $label = $vRow['t3ver_label'] . ' (' . $GLOBALS['LANG']->sL('LLL:EXT:version/Resources/Private/Language/locallang.xlf:versionId', true) . ' ' . $vRow['t3ver_id'] . ($vRow['t3ver_wsid'] != 0 ? ' ' . $GLOBALS['LANG']->sL('LLL:EXT:version/Resources/Private/Language/locallang.xlf:workspaceId', true) . ' ' . $vRow['t3ver_wsid'] : '') . ')'; + $label = $vRow['t3ver_label'] . ' (' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:version/Resources/Private/Language/locallang.xlf:versionId')) . ' ' . $vRow['t3ver_id'] . ($vRow['t3ver_wsid'] != 0 ? ' ' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:version/Resources/Private/Language/locallang.xlf:workspaceId')) . ' ' . $vRow['t3ver_wsid'] : '') . ')'; } $opt[] = '<option value="' . htmlspecialchars(GeneralUtility::linkThisScript(array('id' => $vRow['uid']))) . '"' . ($id == $vRow['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>'; } 
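Review bot: `$label` is escaped twice in the hunk at -53: the translated parts are wrapped in `htmlspecialchars()` when the label is assembled, and the whole string goes through `htmlspecialchars($label)` again on the `$opt[]` line. A translation containing `&` or a quote would therefore be shown to the user as a literal entity such as `&amp;`. The removed `sL(..., true)` form presumably escaped as well, so the commit carries the double encoding over rather than introducing it. Because `$vRow['t3ver_label']` is concatenated raw and relies on the final call, the single escape at output is the one to keep. That gives `$label = '[' . $GLOBALS['LANG']->sL('LLL:EXT:version/Resources/Private/Language/locallang.xlf:versionSelect.live') . ']';`, and the `versionId` and `workspaceId` lookups in the `else` branch lose their inner `htmlspecialchars()` the same way.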
@@ -65,22 +65,22 @@ class VersionView $management = ' <a class="btn btn-default" href="' . htmlspecialchars(\TYPO3\CMS\Backend\Utility\BackendUtility::getModuleUrl('web_txversionM1', array('table' => 'pages', 'uid' => $onlineId))) . '"> ' . $iconFactory->getIcon('actions-version-page-open', Icon::SIZE_SMALL)->render() . ' - ' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.mgm', true) . ' + ' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.mgm')) . ' </a>'; // Create onchange handler: $onChange = 'window.location.href=this.options[this.selectedIndex].value;'; // Controls: if ($id == $onlineId) { - $controls = '<strong class="text-success">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.online', true) . '</strong>'; + $controls = '<strong class="text-success">' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.online')) . '</strong>'; } elseif (!$noAction) { $href = BackendUtility::getLinkToDataHandlerAction( '&cmd[pages][' . $onlineId . '][version][swapWith]=' . $id . '&cmd[pages][' . $onlineId . '][version][action]=swap', GeneralUtility::linkThisScript(array('id' => $onlineId)) ); $controls = ' - <a href="' . htmlspecialchars($href) . '" class="btn btn-default" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.swapPage', true) . '"> + <a href="' . htmlspecialchars($href) . '" class="btn btn-default" title="' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.swapPage')) . '"> ' . $iconFactory->getIcon('actions-version-swap-version', Icon::SIZE_SMALL)->render() . ' - ' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.swap', true) . ' + ' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.swap')) . ' </a>'; } // Write out HTML code: 
@@ -90,7 +90,7 @@ class VersionView --> <div id="typo3-version-selector" class="form-inline form-inline-spaced"> <div class="form-group"> - <label for="version-selector">' . $GLOBALS['LANG']->sL('LLL:EXT:version/Resources/Private/Language/locallang.xlf:versionSelect.label', true) . '</label> + <label for="version-selector">' . htmlspecialchars($GLOBALS['LANG']->sL('LLL:EXT:version/Resources/Private/Language/locallang.xlf:versionSelect.label')) . '</label> <select id="version-selector" class="form-control" onchange="' . htmlspecialchars($onChange) . '"> ' . implode('', $opt) . ' </select> diff --git a/typo3/sysext/wizard_sortpages/Classes/View/SortPagesWizardModuleFunction.php b/typo3/sysext/wizard_sortpages/Classes/View/SortPagesWizardModuleFunction.php index 626cb9928d0066cbef94cdc9efe65bce15c020e0..a09265aa533f084cd471e8cb3958bc5014334428 100644 --- a/typo3/sysext/wizard_sortpages/Classes/View/SortPagesWizardModuleFunction.php +++ b/typo3/sysext/wizard_sortpages/Classes/View/SortPagesWizardModuleFunction.php @@ -132,8 +132,8 @@ class SortPagesWizardModuleFunction extends \TYPO3\CMS\Backend\Module\AbstractFu ); return '<a class="btn btn-default t3js-modal-trigger" href="' . htmlspecialchars($href) . '" ' . ' data-severity="warning"' - . ' data-title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:pleaseConfirm', true) . '"' - . ' data-button-close-text="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:cancel', true) . '"' + . ' data-title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:pleaseConfirm')) . '"' + . ' data-button-close-text="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:cancel')) . '"' . ' data-content="' . htmlspecialchars($this->getLanguageService()->getLL('wiz_changeOrder_msg1')) . '"' . ' >' . htmlspecialchars($title) . '</a>'; } 
diff --git a/typo3/sysext/workspaces/Classes/Backend/ToolbarItems/WorkspaceSelectorToolbarItem.php b/typo3/sysext/workspaces/Classes/Backend/ToolbarItems/WorkspaceSelectorToolbarItem.php index ffdc8d52e6aae5cf4ee3f94c9a6439f04fe570b8..dd2ddcf64fd305afa1724035f8808720a15920ba 100644 --- a/typo3/sysext/workspaces/Classes/Backend/ToolbarItems/WorkspaceSelectorToolbarItem.php +++ b/typo3/sysext/workspaces/Classes/Backend/ToolbarItems/WorkspaceSelectorToolbarItem.php @@ -72,7 +72,7 @@ class WorkspaceSelectorToolbarItem implements ToolbarItemInterface return ''; } - return '<span title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:toolbarItems.workspace', true) . '">' + return '<span title="' . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:toolbarItems.workspace')) . '">' . $this->iconFactory->getIcon('apps-toolbar-menu-workspace', Icon::SIZE_SMALL)->render('inline') . '</span>'; }