[TYPO3-core] RFC #15227: Bug: class.tslib_content.php returns unfiltered data
Jigal van Hemert
jigal at xs4all.nl
Mon Jul 26 00:23:12 CEST 2010
Roland Schenke wrote:
> Problem: In function class.tslib_content.php::MULTIMEDIA() one has
> the ability to specify height and width parameters for such objects
> via Typoscript. In Lines 2632, 2633 and 2639, 2640 these values are
> assigned unfiltered to html attributes which are part of the <embed>
> tag that is used to embed the defined Object like Movies, Flash
> Applications or JAVA Class Files.
>
> Solution: apply intval() as integer seems to be the desired datatype
Is it? W3C mentions that width and height may also be a percentage.
Sorry, -1 for not allowing percentages.
--
Jigal van Hemert
skype:jigal.van.hemert
msn: jigal at xs4all.nl
http://twitter.com/jigalvh
More information about the TYPO3-team-core
mailing list