[BUGFIX] Sanitize calling htmlspecialchars(...) in SelectViewHelper

htmlspecialchars(...) expects that first argument is a string, otherwise triggering E_DEPRECATED. This patch adds a string cast to ensure value is passed as string to htmlspecialchars(...) in SelectViewHelper. Resolves: #95830 Releases: master Change-Id: I0b77234ad6c87f19e7f1f5a45fe16c8fea443530 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72012 Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by: Nikita Hovratov <nikita.h@live.de> Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de> Tested-by: core-ci <typo3@b13.com> Tested-by: Nikita Hovratov <nikita.h@live.de> Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
TYPO3 · Nov 2, 2021 · 55c5f66 · 55c5f66
1 parent 87283af
commit 55c5f66
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/Form/SelectViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/Form/SelectViewHelper.php
@@ -351,11 +351,11 @@ protected function getOptionValueScalar($valueElement)
      */
     protected function renderOptionTag($value, $label, $isSelected)
     {
-        $output = '<option value="' . htmlspecialchars($value) . '"';
+        $output = '<option value="' . htmlspecialchars((string)$value) . '"';
         if ($isSelected) {
             $output .= ' selected="selected"';
         }
-        $output .= '>' . htmlspecialchars($label) . '</option>';
+        $output .= '>' . htmlspecialchars((string)$label) . '</option>';
         return $output;
     }
 }