Merge branch 'release/8.4.1'

einpraegsam · einpraegsam · commit cdd03db07ce9 · 2021-08-11T12:40:10.000+02:00
diff --git a/Documentation/Changelog/Readme.md b/Documentation/Changelog/Readme.md
@@ -4,6 +4,7 @@
 
 | Version     | Release Date | Description                                                                                                           |
 |------------ |--------------|-----------------------------------------------------------------------------------------------------------------------|
+| 8.4.1       | 2021-08-11   | Task: Also Sanitize CSV and XLS export in Pi2 (not only the export in the backend module)                             |
 | 8.4.0       | 2021-08-11   | Task: Sanitize CSV and XLS export against excel hacks (see https://typo3.org/security/advisory/typo3-psa-2021-002)    |
 |             |              | Task: Add automatic test via github actions                                                                           |
 | 8.3.3       | 2021-07-27   | Bugfix: Fix some more typehint problems                                                                               |
diff --git a/Resources/Private/Templates/Output/ExportCsv.html b/Resources/Private/Templates/Output/ExportCsv.html
@@ -22,15 +22,17 @@
 
 					<f:if condition="{vh:condition.isArray(val: '{answer.value}')}">
 						<f:else>
-							"<vh:string.removeQuote>{answer.value}</vh:string.removeQuote>";
+							"<vh:string.removeQuote><vh:string.sanitizeCsvCell>{answer.value}</vh:string.sanitizeCsvCell></vh:string.removeQuote>";
 						</f:else>
 						<f:then>
 							"<vh:string.removeQuote>
-								<f:for each="{answer.value}" as="singleValue">
-									<f:if condition="{singleValue}">
-										{singleValue},
-									</f:if>
-								</f:for>
+                                <vh:string.sanitizeCsvCell>
+                                    <f:for each="{answer.value}" as="singleValue">
+                                        <f:if condition="{singleValue}">
+                                            {singleValue},
+                                        </f:if>
+                                    </f:for>
+                                </vh:string.sanitizeCsvCell>
 							</vh:string.removeQuote>";
 						</f:then>
 					</f:if>
diff --git a/Resources/Private/Templates/Output/ExportXls.html b/Resources/Private/Templates/Output/ExportXls.html
@@ -32,12 +32,12 @@
 										<f:then>
 											<f:for each="{answer.value}" as="singleValue">
 												<f:if condition="{singleValue}">
-													{singleValue},
+													<vh:string.sanitizeCsvCell>{singleValue}</vh:string.sanitizeCsvCell>,
 												</f:if>
 											</f:for>
 										</f:then>
 										<f:else>
-											{answer.value}
+											<vh:string.sanitizeCsvCell>{answer.value}</vh:string.sanitizeCsvCell>
 										</f:else>
 									</f:if>
 								</f:if>
diff --git a/ext_emconf.php b/ext_emconf.php
@@ -6,7 +6,7 @@
         and easy to use mailform extension with a lots of features
         (spam prevention, marketing information, optin, ajax submit, diagram analysis, etc...)',
     'category' => 'plugin',
-    'version' => '8.4.0',
+    'version' => '8.4.1',
     'state' => 'stable',
     'author' => 'Powermail Development Team',
     'author_email' => 'service@in2code.de',
