[BUGFIX] Properly encode HTML attributes in Toolbar

Resolves: #84561 Releases: master, 8.7 Change-Id: Iacb5dbf1fc5b709acd9db1c4463a991212a26a91 Reviewed-on: https://review.typo3.org/56482 Reviewed-by: Mathias Brodala <mbrodala@pagemachine.de> Tested-by: Mathias Brodala <mbrodala@pagemachine.de> Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch> Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
TYPO3 · Mar 29, 2018 · 0402811 · 0402811
1 parent 289a8bc
commit 0402811
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/typo3/sysext/backend/Classes/Controller/BackendController.php b/typo3/sysext/backend/Classes/Controller/BackendController.php
@@ -342,27 +342,27 @@ protected function renderToolbar()
                     $classes[] = $additionalAttributes['class'];
                     unset($additionalAttributes['class']);
                 }
-                $liAttributes[] = 'class="' . implode(' ', $classes) . '"';
+                $liAttributes['class'] = implode(' ', $classes);
 
                 // Add further attributes
                 foreach ($additionalAttributes as $name => $value) {
-                    $liAttributes[] = $name . '="' . $value . '"';
+                    $liAttributes[$name] = $value;
                 }
 
                 // Create a unique id from class name
-                $fullyQualifiedClassName = get_class($toolbarItem);
+                $fullyQualifiedClassName = \get_class($toolbarItem);
                 $className = GeneralUtility::underscoredToLowerCamelCase($fullyQualifiedClassName);
                 $className = GeneralUtility::camelCaseToLowerCaseUnderscored($className);
                 $className = str_replace(['_', '\\'], '-', $className);
-                $liAttributes[] = 'id="' . $className . '"';
+                $liAttributes['id'] = $className;
 
                 // Create data attribute identifier
                 $shortName = substr($fullyQualifiedClassName, strrpos($fullyQualifiedClassName, '\\') + 1);
                 $dataToolbarIdentifier = GeneralUtility::camelCaseToLowerCaseUnderscored($shortName);
                 $dataToolbarIdentifier = str_replace('_', '-', $dataToolbarIdentifier);
-                $liAttributes[] = 'data-toolbar-identifier="' . htmlspecialchars($dataToolbarIdentifier) . '"';
+                $liAttributes['data-toolbar-identifier'] = $dataToolbarIdentifier;
 
-                $toolbar[] = '<li ' . implode(' ', $liAttributes) . '>';
+                $toolbar[] = '<li ' . GeneralUtility::implodeAttributes($liAttributes, true) . '>';
 
                 if ($hasDropDown) {
                     $toolbar[] = '<a href="#" class="toolbar-item-link dropdown-toggle" data-toggle="dropdown">';