From abf0ecfeb589bb7385a8847fad45747dc0a56f57 Mon Sep 17 00:00:00 2001
From: ChristianFeldkirchne
Date: Tue, 14 Mar 2023 08:20:16 +0100
Subject: [PATCH 1/4] optimized perspective and view creation

---
 src/Resources/public/js/pimcore/perspective/perspective.js | 2 ++
 src/Resources/public/js/pimcore/perspective/view.js | 2 ++
 src/Services/PerspectiveAccessor.php | 2 +-
 src/Services/ViewAccessor.php | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/Resources/public/js/pimcore/perspective/perspective.js b/src/Resources/public/js/pimcore/perspective/perspective.js
index 94340c7..0f520ab 100644
--- a/src/Resources/public/js/pimcore/perspective/perspective.js
+++ b/src/Resources/public/js/pimcore/perspective/perspective.js
@@ -104,6 +104,8 @@ pimcore.bundle.perspectiveeditor.PerspectiveEditor = class {
 disabled: !pimcore.settings['perspectives-writeable'],
 handler: function(){
 Ext.MessageBox.prompt(t('plugin_pimcore_perspectiveeditor_new_perspective'), t('plugin_pimcore_perspectiveeditor_new_perspective'), function (button, value) {
+ value = pimcore.helpers.sanitizeString(value);
+
 if (button === 'ok' && value.length > 0) {
 //check for configs with same name
 let match = this.perspectiveTreeStore.findExact("name", value);
diff --git a/src/Resources/public/js/pimcore/perspective/view.js b/src/Resources/public/js/pimcore/perspective/view.js
index be0a35f..0d0bbad 100644
--- a/src/Resources/public/js/pimcore/perspective/view.js
+++ b/src/Resources/public/js/pimcore/perspective/view.js
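Review bot: The added `value = pimcore.helpers.sanitizeString(value);` runs in the browser only, so it helps an honest user but does nothing against a crafted request that posts a name containing markup straight to the save endpoint. The server-side change in this same commit only HTML-encodes the name, which is output encoding rather than validation, so the control that actually matters is a server-side allowlist check that rejects the request. A short comment on the added line would keep the next maintainer from mistaking it for the security boundary: `// cosmetic only: the server must validate the name independently`. The prompt handler and its enclosing class continue outside this hunk.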
@@ -86,6 +86,8 @@ pimcore.bundle.perspectiveeditor.ViewEditor = class {
 disabled: !pimcore.settings['custom-views-writeable'],
 handler: function () {
 Ext.MessageBox.prompt(t('plugin_pimcore_perspectiveeditor_new_view'), t('plugin_pimcore_perspectiveeditor_new_view'), function (button, value) {
+ value = pimcore.helpers.sanitizeString(value);
+
 if (button === 'ok' && value.length > 0) {
 const record = this.viewTreeStore.getRoot().appendChild({
 id: pimcore.bundle.perspectiveeditor.PerspectiveViewHelper.generateUuid(),
diff --git a/src/Services/PerspectiveAccessor.php b/src/Services/PerspectiveAccessor.php
index 6065d97..1b45424 100644
--- a/src/Services/PerspectiveAccessor.php
+++ b/src/Services/PerspectiveAccessor.php
@@ -24,7 +24,7 @@ protected function convertTreeStoreToConfiguration($treeStore)
 $configuration = [];
 foreach ($treeStore['children'] as $child) {
- $name = $child['name'];
+ $name = htmlspecialchars($child['name']);
 $configuration[$name] = [];
 $configuration[$name]['elementTree'] = [];
 foreach ($child['children'] as $index => $element) {
diff --git a/src/Services/ViewAccessor.php b/src/Services/ViewAccessor.php
index dcf9c29..611828f 100644
--- a/src/Services/ViewAccessor.php
+++ b/src/Services/ViewAccessor.php
@@ -39,6 +39,8 @@ protected function convertTreeStoreToConfiguration($treeStore)
 if (isset($treeStore['children'])) {
 foreach ($treeStore['children'] as $child) {
+ $child['config']['name'] = htmlspecialchars($child['config']['name']);
+
 if (!empty($child['config']['treeContextMenu'])) {
 foreach (array_keys($child['config']['treeContextMenu']) as $contextMenuEntry) {
 if (substr($child['config']['treetype'], 0, strlen($contextMenuEntry)) != $contextMenuEntry) {

From 0947219f8861627919f59697b31129d056ec1af8 Mon Sep 17 00:00:00 2001
From: ChristianFeldkirchne
Date: Tue, 14 Mar 2023 08:25:40 +0100
Subject: [PATCH 2/4] added condition

---
 src/Services/ViewAccessor.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

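Review bot: `$name = htmlspecialchars($child['name']);` applies HTML output encoding at persistence time, which rewrites the stored configuration key (`a&b` is saved as `a&amp;b`) and will double-encode once the name is escaped again for display, while still accepting every character a crafted request sends. Since the goal is to keep markup out of the config, validate and reject instead of encoding: `if (!is_string($child['name'] ?? null) || !preg_match('/^[a-z0-9_\-.+]+$/i', $child['name'])) { throw new \InvalidArgumentException('Invalid perspective name'); }` — the same allowlist the client-side `sanitizeName` added later in this series enforces. Unlike the `ViewAccessor` hunk in the follow-up commit, there is no key-existence check here, so a payload without `name` produces an undefined-key warning and an empty-string key. `convertTreeStoreToConfiguration` starts before this hunk and continues past it.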
diff --git a/src/Services/ViewAccessor.php b/src/Services/ViewAccessor.php
index 611828f..edf2ab3 100644
--- a/src/Services/ViewAccessor.php
+++ b/src/Services/ViewAccessor.php
@@ -39,7 +39,9 @@ protected function convertTreeStoreToConfiguration($treeStore)
 if (isset($treeStore['children'])) {
 foreach ($treeStore['children'] as $child) {
- $child['config']['name'] = htmlspecialchars($child['config']['name']);
+ if(array_key_exists('name', $child['config'])) {
+ $child['config']['name'] = htmlspecialchars($child['config']['name']);
+ }
 
 if (!empty($child['config']['treeContextMenu'])) {
 foreach (array_keys($child['config']['treeContextMenu']) as $contextMenuEntry) {

From 947806d95b0bdbaa152da1e9ebb5159fea0d6f37 Mon Sep 17 00:00:00 2001
From: Corepex
Date: Tue, 14 Mar 2023 07:26:15 +0000
Subject: [PATCH 3/4] Apply php-cs-fixer changes

---
 src/Services/ViewAccessor.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Services/ViewAccessor.php b/src/Services/ViewAccessor.php
index edf2ab3..83af4bc 100644
--- a/src/Services/ViewAccessor.php
+++ b/src/Services/ViewAccessor.php
@@ -39,7 +39,7 @@ protected function convertTreeStoreToConfiguration($treeStore)
 if (isset($treeStore['children'])) {
 foreach ($treeStore['children'] as $child) {
- if(array_key_exists('name', $child['config'])) {
+ if (array_key_exists('name', $child['config'])) {
 $child['config']['name'] = htmlspecialchars($child['config']['name']);
 }
 

From 6ae4d56557dbc0178d4cb2f5622ca39f6e62e0e5 Mon Sep 17 00:00:00 2001
From: ChristianFeldkirchne
Date: Mon, 20 Mar 2023 11:20:17 +0100
Subject: [PATCH 4/4] added sanitizeName function

---
 src/Resources/public/js/pimcore/perspective/perspective.js | 6 +++++-
 src/Resources/public/js/pimcore/perspective/view.js | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/Resources/public/js/pimcore/perspective/perspective.js b/src/Resources/public/js/pimcore/perspective/perspective.js
index 0f520ab..d35f765 100644
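Review bot: `array_key_exists('name', $child['config'])` guards the `name` key but not `$child['config']` itself; a posted child without `config` hands `null` as the array argument, which on PHP 8 makes `array_key_exists()` throw a TypeError, and a non-string `name` (an array, say) makes `htmlspecialchars()` throw as well. `if (isset($child['config']['name']) && is_string($child['config']['name'])) {` covers both cases in one line. Beyond that, the same concern as in `PerspectiveAccessor` applies: the view name is presentation data that will be escaped again when rendered, so encoding it at storage time double-encodes while still accepting any character; an allowlist check that rejects the request (the `/^[a-z0-9_\-.+]+$/i` pattern the client now enforces) is what actually blocks a crafted payload. `convertTreeStoreToConfiguration` starts before this hunk and continues past it.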
--- a/src/Resources/public/js/pimcore/perspective/perspective.js
+++ b/src/Resources/public/js/pimcore/perspective/perspective.js
@@ -104,7 +104,7 @@ pimcore.bundle.perspectiveeditor.PerspectiveEditor = class {
 disabled: !pimcore.settings['perspectives-writeable'],
 handler: function(){
 Ext.MessageBox.prompt(t('plugin_pimcore_perspectiveeditor_new_perspective'), t('plugin_pimcore_perspectiveeditor_new_perspective'), function (button, value) {
- value = pimcore.helpers.sanitizeString(value);
+ value = this.sanitizeName(value);
 
 if (button === 'ok' && value.length > 0) {
 //check for configs with same name
@@ -826,4 +826,8 @@ pimcore.bundle.perspectiveeditor.PerspectiveEditor = class {
 }
 }
 }
+
+ sanitizeName (name) {
+ return name.replace(/[^a-z0-9_\-.+]/gi,'');
+ }
 }
diff --git a/src/Resources/public/js/pimcore/perspective/view.js b/src/Resources/public/js/pimcore/perspective/view.js
index 0d0bbad..4b13f31 100644
--- a/src/Resources/public/js/pimcore/perspective/view.js
+++ b/src/Resources/public/js/pimcore/perspective/view.js
@@ -86,7 +86,7 @@ pimcore.bundle.perspectiveeditor.ViewEditor = class {
 disabled: !pimcore.settings['custom-views-writeable'],
 handler: function () {
 Ext.MessageBox.prompt(t('plugin_pimcore_perspectiveeditor_new_view'), t('plugin_pimcore_perspectiveeditor_new_view'), function (button, value) {
- value = pimcore.helpers.sanitizeString(value);
+ value = this.sanitizeName(value);
 
 if (button === 'ok' && value.length > 0) {
 const record = this.viewTreeStore.getRoot().appendChild({
@@ -569,4 +569,8 @@ pimcore.bundle.perspectiveeditor.ViewEditor = class {
 }
 }
 }
+
+ sanitizeName (name) {
+ return name.replace(/[^a-z0-9_\-.+]/gi,'');
+ }
 }
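Review bot: `value = this.sanitizeName(value);` inside the `Ext.MessageBox.prompt` callback depends on `this` being the `PerspectiveEditor` instance; the existing `this.perspectiveTreeStore` reference a few lines below suggests the callback is bound, but the binding (a `.bind(this)` or scope argument) sits outside this hunk and is worth confirming, since an unbound callback would make the new line throw where the old `pimcore.helpers.sanitizeString(value)` did not. The call also runs before the `button === 'ok'` test, so the Cancel path now goes through the sanitizer too — harmless, but moving it inside the `if` would read more clearly. The prompt handler continues outside the hunk.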
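Review bot: `sanitizeName` silently strips every disallowed character instead of rejecting the input, so a user who types `My Perspective` gets `MyPerspective` with no feedback, `Übersicht` loses its umlaut because `a-z` with the `i` flag does not cover non-ASCII letters, and a name made entirely of disallowed characters collapses to `''` and is silently dropped by the caller's `value.length > 0` check. Validating and telling the user makes the allowlist visible: `if (!/^[a-z0-9_\-.+]+$/i.test(name)) { return ''; }` plus an `Ext.MessageBox.alert` explaining the rule. `name.replace` is called without a type check, so a non-string argument throws; the prompt presumably always passes a string, but `String(name ?? '')` would cost nothing. Whatever the choice, this remains a client-side convenience, so the header comment should say so: `/** Client-side name filter for the prompt UI; the server must enforce the same allowlist. */`.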
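Review bot: This `sanitizeName` is a byte-for-byte copy of the one added to `PerspectiveEditor` in the same commit, and two copies of a security-relevant allowlist will drift apart the first time one is edited. Both editors already reach a shared helper object (`pimcore.bundle.perspectiveeditor.PerspectiveViewHelper.generateUuid()` is called a few lines above in the earlier hunk), so the regex belongs there as a single `static sanitizeName(name)` with both classes delegating: `return pimcore.bundle.perspectiveeditor.PerspectiveViewHelper.sanitizeName(name);`. The `ViewEditor` class body continues above this hunk.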