From 46abf8ffd595c8b9b8a20937fe77f27d2fc86b68 Mon Sep 17 00:00:00 2001
From: Andrew Aitken-Fincham
Date: Thu, 24 Aug 2017 10:39:25 +0100
Subject: [PATCH] sanitize namespaced classes for page icon css
---
 code/Controllers/CMSPageAddController.php | 3 ++-
 code/Controllers/LeftAndMainPageIconsExtension.php | 3 ++-
 code/Model/SiteTree.php | 5 +++--
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/code/Controllers/CMSPageAddController.php b/code/Controllers/CMSPageAddController.php
index cb4b576c..fbe893d2 100644
--- a/code/Controllers/CMSPageAddController.php
+++ b/code/Controllers/CMSPageAddController.php
@@ -6,6 +6,7 @@ use SilverStripe\CMS\Model\SiteTree;
 use SilverStripe\Control\Controller;
 use SilverStripe\Control\Session;
 use SilverStripe\Control\HTTPResponse;
+use SilverStripe\Core\Convert;
 use SilverStripe\Forms\FieldList;
 use SilverStripe\Forms\Form;
 use SilverStripe\Forms\FormAction;
@@ -44,7 +45,7 @@ class CMSPageAddController extends CMSPageEditController
 foreach ($this->PageTypes() as $type) {
 $html = sprintf(
 '%s%s',
- $type->getField('ClassName'),
+ Convert::raw2htmlid($type->getField('ClassName')),
 $type->getField('AddAction'),
 $type->getField('Description')
 );
diff --git a/code/Controllers/LeftAndMainPageIconsExtension.php b/code/Controllers/LeftAndMainPageIconsExtension.php
index 89a09b7e..6e8cbf89 100644
--- a/code/Controllers/LeftAndMainPageIconsExtension.php
+++ b/code/Controllers/LeftAndMainPageIconsExtension.php
@@ -2,6 +2,7 @@ namespace SilverStripe\CMS\Controllers;
+use SilverStripe\Core\Convert;
 use SilverStripe\View\Requirements;
 use SilverStripe\Core\ClassInfo;
 use SilverStripe\Control\Director;
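Review bot: In code/Controllers/CMSPageAddController.php only the first `sprintf` argument is normalised; `$type->getField('AddAction')` and `$type->getField('Description')` still go into the same markup string as they are. The format string is not legible in this rendering and `PageTypes()` is outside the hunk, so whether those two values are escaped upstream cannot be confirmed from here. If they are not, and they are not meant to carry markup, wrap them as `Convert::raw2xml($type->getField('AddAction'))` and `Convert::raw2xml($type->getField('Description'))`, which costs nothing now that `Convert` is imported. The enclosing method starts and ends outside the hunk.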
@@ -45,8 +46,8 @@ class LeftAndMainPageIconsExtension extends Extension
 $iconFile .= '-file.gif';
 }
+ $class = Convert::raw2htmlid($class);
 $selector = ".page-icon.class-$class, li.class-$class > a .jstree-pageicon";
-
 if (Director::fileExists($iconFile)) {
 $css .= "$selector { background: transparent url('$iconFile') 0 0 no-repeat; }\n";
 } else {
diff --git a/code/Model/SiteTree.php b/code/Model/SiteTree.php
index 1f216f32..1b7c4993 100755
--- a/code/Model/SiteTree.php
+++ b/code/Model/SiteTree.php
@@ -2621,7 +2621,8 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
 }
 $flags = $this->getStatusFlags();
 $treeTitle = sprintf(
- "%s",
+ "%s",
+ Convert::raw2htmlid(static::class),
 Convert::raw2att(Convert::raw2json($children)),
 Convert::raw2xml(str_replace(array("\n","\r"), "", $this->MenuTitle))
 );
@@ -2715,7 +2716,7 @@ class SiteTree extends DataObject implements PermissionProvider, i18nEntityProvi
 */
 public function CMSTreeClasses()
 {
- $classes = sprintf('class-%s', static::class);
+ $classes = sprintf('class-%s', Convert::raw2htmlid(static::class));
 if ($this->HasBrokenFile || $this->HasBrokenLink) {
 $classes .= " BrokenLink";
 }
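Review bot: In LeftAndMainPageIconsExtension.php the added line `$class = Convert::raw2htmlid($class);` overwrites the variable that holds the real class name, so any later use of `$class` in this block would receive the CSS-safe form instead of a resolvable class name. A separate variable keeps the two apart: `$cssClass = Convert::raw2htmlid($class);` followed by `$selector = ".page-icon.class-$cssClass, li.class-$cssClass > a .jstree-pageicon";`. The enclosing loop starts and ends outside the hunk, so whether `$class` is read again further down cannot be confirmed from here.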
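Review bot: The class name emitted by this `sprintf` call in code/Model/SiteTree.php has to match the selector generated in LeftAndMainPageIconsExtension character for character, yet nothing in the code records that coupling. The same `Convert::raw2htmlid(...)` call is now repeated here, in `CMSTreeClasses()` in the next hunk, in CMSPageAddController and in the extension, so a later change to one site would make icons stop matching without any error. A comment at each site would make the dependency visible, for example `// Must stay identical to the class selector built in LeftAndMainPageIconsExtension`. A single helper returning the CSS class for a page type would remove the duplication altogether. The enclosing method starts and ends outside the hunk.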