[TYPO3-core] RFC: #17503: hsc called twice for title tag at login page
Georg Ringer
mail at ringerge.org
Mon Feb 7 07:57:30 CET 2011
Hi,
this is a SVN patch request.
Type: Bugfix
Bugtracker references:
http://bugs.typo3.org/view.php?id=17503
Branches: 4_5, trunk
Problem:
htmlspecialchars is used twice on the title tag of the login page. If
there is a '&' in $TYPO3_CONF_VARS['SYS']['sitename'], this looks very
ugly (&amp;).
How it works:
1) index.php calls $TBE_TEMPLATE->startPage('TYPO3 Login: ' .
htmlspecialchars($TYPO3_CONF_VARS['SYS']['sitename']), FALSE);
2) in template.php startPage() the pagerenderer is called with
$this->pageRenderer->setHtmlTag($htmlTag);
3) in class.t3lib_pagerenderer.php the final htmlspecialchars() is used
in line 1494: 'TITLE' => $this->title ? str_replace('|',
htmlspecialchars($this->title), $this->titleTag) : '',
Solution:
So it is safe to remove the hsc() in index.php
How to test:
1) Set this line in localconf.php:
-----------
$TYPO3_CONF_VARS['SYS']['sitename'] = 'New TYPO3 site & xxx">xxx<script>alert(1)</script>';
-----------
2) Delete cache, go to your backend login and look at the page title
3) Apply patch and recheck
4) Vote
Georg
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hsc-index.patch
URL: <http://lists.typo3.org/pipermail/typo3-team-core/attachments/20110207/25e49dc6/attachment.txt>
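The double encoding described in the message above, and the effect of escaping only once at the output step, shown as an added example that is not part of the original e-mail, the attached patch, or TYPO3 itself. renderTitle() and isDoubleEncoded() are hypothetical names, and the '<title>|</title>' template is an assumed value for the title tag.

```php
<?php
// Added example, not TYPO3 code. renderTitle() is a hypothetical stand-in for
// the page renderer step that escapes the title into the title tag template.
function renderTitle(string $title, string $titleTag = '<title>|</title>'): string
{
    // Escape exactly once, at the output sink.
    return str_replace('|', htmlspecialchars($title, ENT_QUOTES, 'UTF-8'), $titleTag);
}

// Hypothetical heuristic: true when the markup contains an entity whose '&'
// was itself encoded again. A raw value that literally contains the text
// "&amp;" would also match, so treat a hit as a hint to check the call chain.
function isDoubleEncoded(string $html): bool
{
    return preg_match('/&amp;(?:amp|lt|gt|quot|#0?39);/', $html) === 1;
}

// Test value from the "How to test" step of the message.
$sitename = 'New TYPO3 site & xxx">xxx<script>alert(1)</script>';

// Before the patch: the caller escapes, then the renderer escapes again.
$before = renderTitle('TYPO3 Login: ' . htmlspecialchars($sitename, ENT_QUOTES, 'UTF-8'));

// After the patch: the caller passes the raw value, the renderer escapes once.
$after = renderTitle('TYPO3 Login: ' . $sitename);

foreach (['before' => $before, 'after' => $after] as $label => $html) {
    printf(
        "%-6s double-encoded=%s raw-script-tag=%s\n  %s\n",
        $label,
        var_export(isDoubleEncoded($html), true),
        var_export(strpos($html, '<script') !== false, true),
        $html
    );
}
```

In both runs the markup contains no raw script tag; only the run with the caller-side escape reports double encoding.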