From b78c1633627488c695054ae954f28bee7183a306 Mon Sep 17 00:00:00 2001 From: Andrew Aitken-Fincham Date: Thu, 24 Aug 2017 12:12:37 +0100 Subject: [PATCH] sanitize class names for cms icons --- code/controllers/CMSPageAddController.php | 2 +- code/controllers/LeftAndMainPageIconsExtension.php | 7 +------ code/model/SiteTree.php | 5 +++-- 3 files changed, 5 insertions(+), 9 deletions(-) diff --git a/code/controllers/CMSPageAddController.php b/code/controllers/CMSPageAddController.php index aa34269c..2110d009 100644 --- a/code/controllers/CMSPageAddController.php +++ b/code/controllers/CMSPageAddController.php @@ -20,7 +20,7 @@ class CMSPageAddController extends CMSPageEditController { $pageTypes = array(); foreach($this->PageTypes() as $type) { $html = sprintf('%s%s', - $type->getField('ClassName'), + Convert::raw2htmlid($type->getField('ClassName')), $type->getField('AddAction'), $type->getField('Description') ); diff --git a/code/controllers/LeftAndMainPageIconsExtension.php b/code/controllers/LeftAndMainPageIconsExtension.php index ffa74ec2..43a4174f 100644 --- a/code/controllers/LeftAndMainPageIconsExtension.php +++ b/code/controllers/LeftAndMainPageIconsExtension.php @@ -33,12 +33,7 @@ class LeftAndMainPageIconsExtension extends Extension { // Legacy support: Add file extension if none exists if(!pathinfo($iconFile, PATHINFO_EXTENSION)) $iconFile .= '-file.gif'; - $iconPathInfo = pathinfo($iconFile); - - // Base filename - $baseFilename = $iconPathInfo['dirname'] . '/' . $iconPathInfo['filename']; - $fileExtension = $iconPathInfo['extension']; - + $class = Convert::raw2htmlid($class); $selector = ".page-icon.class-$class, li.class-$class > a .jstree-pageicon"; if(Director::fileExists($iconFile)) { diff --git a/code/model/SiteTree.php b/code/model/SiteTree.php index d4082f99..e8f6b8cb 100755 --- a/code/model/SiteTree.php +++ b/code/model/SiteTree.php 
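Review bot: In the `sprintf()` call of the CMSPageAddController.php hunk only the `ClassName` argument gains an encoder; `$type->getField('AddAction')` and `$type->getField('Description')` are still passed into the same string unchanged. The format string's markup is not visible in this rendering, but if those two values end up in HTML text and can carry translated or configured strings, they would want `Convert::raw2xml($type->getField('AddAction'))` and the same for `Description`. If HTML in descriptions is intentional, a short comment saying so would stop the next reader from wondering. The enclosing method starts and ends outside the hunk, so where `$html` is rendered cannot be confirmed from here.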
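Review bot: `$class = Convert::raw2htmlid($class);` in the LeftAndMainPageIconsExtension.php hunk overwrites the variable holding the real class name with its sanitised form, so any later use of `$class` in this block would silently receive the CSS token instead. A separate name keeps the two apart: `$cssClass = Convert::raw2htmlid($class);` followed by `$selector = ".page-icon.class-$cssClass, li.class-$cssClass > a .jstree-pageicon";`. A one-line comment that this must yield the same token as the `class-%s` values emitted in CMSPageAddController and SiteTree would also help, since the rule only matches when both sides apply the identical conversion. The block continues past the end of the hunk.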
@@ -2830,7 +2830,8 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 }
 $flags = $this->getStatusFlags();
 $treeTitle = sprintf(
- "%s",
+ "%s",
+ Convert::raw2htmlid($this->class),
 Convert::raw2att(Convert::raw2json($children)),
 Convert::raw2xml(str_replace(array("\n","\r"),"",$this->MenuTitle))
 );
@@ -2883,7 +2884,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
 * @return string
 */
 public function CMSTreeClasses($numChildrenMethod="numChildren") {
- $classes = sprintf('class-%s', $this->class);
+ $classes = sprintf('class-%s', Convert::raw2htmlid($this->class));
 if($this->HasBrokenFile || $this->HasBrokenLink) {
 $classes .= " BrokenLink";
 }
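Review bot: The docblock above `CMSTreeClasses()` in the second SiteTree.php hunk still ends at `@return string` and does not mention that the `class-…` token is now the sanitised class name rather than `$this->class` verbatim; the same holds for the new first `sprintf()` argument in the `$treeTitle` hunk. A comment along the lines of `// class-* token is Convert::raw2htmlid($this->class); CSS/JS matching on it must apply the same conversion` would record that contract. The conversion is presumably lossy, so two class names that differ only in the characters it replaces would share one token and therefore one icon rule; worth confirming that this is acceptable. Both method bodies extend beyond their hunks.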