[SECURITY] Correctly escape value of $this->gp['formToken']

zoranilic · May 27, 2016 · 1e87874 · 1e87874
1 parent c792c2b
commit 1e87874
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Classes/View/Form.php b/Classes/View/Form.php
@@ -480,7 +480,7 @@ protected function fillDefaultMarkers()
         }
         if ($this->gp['formToken']) {
             $markers['###HIDDEN_FIELDS###'] .= '
-				<input type="hidden" name="' . $name . '" value="' . $this->gp['formToken'] . '" />
+				<input type="hidden" name="' . $name . '" value="' . htmlspecialchars($this->gp['formToken']) . '" />
 			';
         }