From 1fbe6f2d2826a0ba72ff2ca84032d8c6d77b5efb Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Thu, 9 Nov 2023 15:35:00 -0800 Subject: [PATCH 1/3] Backport security fix for layout sanitization --- concrete/controllers/dialog/area/layout/presets.php | 3 ++- concrete/views/dialogs/area/layout/presets/manage.php | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/concrete/controllers/dialog/area/layout/presets.php b/concrete/controllers/dialog/area/layout/presets.php index 1aaa957df06..edf5b819db1 100644 --- a/concrete/controllers/dialog/area/layout/presets.php +++ b/concrete/controllers/dialog/area/layout/presets.php @@ -32,7 +32,7 @@ public function view($arLayoutID) $presets = array(); $presets['-1'] = t('** New'); foreach ($presetlist as $preset) { - $presets[$preset->getAreaLayoutPresetID()] = $preset->getAreaLayoutPresetName(); + $presets[$preset->getAreaLayoutPresetID()] = h($preset->getAreaLayoutPresetName()); } $this->set('arLayout', $arLayout); @@ -64,6 +64,7 @@ public function getPresetData($cID, $arLayoutPresetID) public function submit($arLayoutID) { if ($this->validateAction()) { + $existingPreset = null; $arLayout = AreaLayout::getByID($arLayoutID); if (!is_object($arLayout)) { throw new Exception(t('Invalid layout object.')); diff --git a/concrete/views/dialogs/area/layout/presets/manage.php b/concrete/views/dialogs/area/layout/presets/manage.php index 93500d41d86..9ab8836ae68 100644 --- a/concrete/views/dialogs/area/layout/presets/manage.php +++ b/concrete/views/dialogs/area/layout/presets/manage.php @@ -3,6 +3,7 @@
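Review bot: Escaping the preset name with `h()` while building the `$presets` option array moves HTML-escaping into the controller, so any view or form helper that already escapes option labels will double-encode (`&` becomes `&amp;amp;`), and any that does not still needs to be checked individually. Escaping at the point of output in the template is the usual place for this, and it keeps one convention across the series (the `manage.php` hunk in patch 2/3 escapes in the view). If the controller really is the only safe place, because the select is echoed raw downstream, keep the call but say so: `// escaped here: the option list is echoed unescaped by the select in the dialog view`. The `view()` body continues outside the hunk.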
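Review bot: `submit()` is where the preset name is persisted, and the hunk only initialises `$existingPreset`; nothing visible bounds or normalises the incoming name before it is stored, so every template that ever renders it has to remember to escape (the series fixes two). As defence in depth for a stored-XSS fix, consider validating the name on the way in, e.g. `$name = trim(strip_tags((string) $this->request->request->get('arLayoutPresetName')));` with a length check, while keeping the output escaping as the primary control. This is a suggestion, not a claim about current behaviour: the rest of `submit()` lies outside the hunk, so I cannot see what validation it already performs.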
+<<<<<<< HEAD 0) { ?>
@@ -25,6 +26,13 @@ +======= +
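Review bot: This hunk commits literal merge-conflict markers (`<<<<<<< HEAD` in the previous hunk, `=======` here, and a `>>>>>>>` trailer that patch 2/3 later removes) into `manage.php`, which is a PHP parse error, so the tree at this commit does not run. Patch 2/3 repairs it, but the intermediate commit still breaks `git bisect` and any backport that cherry-picks only 1/3 for the "security fix" it is titled as. Squash 1/3 and 2/3 so the sanitization lands as one working commit.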
From 3c7b8e6d7651c0bddca262993a6a6dbcc3c7967c Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Thu, 9 Nov 2023 16:04:57 -0800 Subject: [PATCH 2/3] Fix conflict --- .../views/dialogs/area/layout/presets/manage.php | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/concrete/views/dialogs/area/layout/presets/manage.php b/concrete/views/dialogs/area/layout/presets/manage.php index 9ab8836ae68..9b1cf7bb332 100644 --- a/concrete/views/dialogs/area/layout/presets/manage.php +++ b/concrete/views/dialogs/area/layout/presets/manage.php @@ -3,7 +3,6 @@
-<<<<<<< HEAD 0) { ?>
@@ -11,28 +10,21 @@
    -
  • getAreaLayoutPresetName()?> +
  • getAreaLayoutPresetName())?>
  • -
-

- -======= -
    - -
  • - - getAreaLayoutPresetName()) ?> ->>>>>>> c88ddd1f8f (Sanitize layout preset name on output)
From c770ca07e869934185709650545b9ae584ce4681 Mon Sep 17 00:00:00 2001 From: Andrew Embler Date: Thu, 9 Nov 2023 16:06:22 -0800 Subject: [PATCH 3/3] validateaction on event delete --- concrete/controllers/dialog/event/delete.php | 71 +++++++++++--------- 1 file changed, 38 insertions(+), 33 deletions(-) diff --git a/concrete/controllers/dialog/event/delete.php b/concrete/controllers/dialog/event/delete.php index ece1bd454d2..fe6afa7991c 100644 --- a/concrete/controllers/dialog/event/delete.php +++ b/concrete/controllers/dialog/event/delete.php 
@@ -38,42 +38,47 @@ public function __construct() public function submit() { - $event = $this->eventService->getByID($_REQUEST['eventID'], EventService::EVENT_VERSION_RECENT); - $e = \Core::make('error'); - if (!$event) { - $e->add(t('Invalid event.')); - } - if (!$this->canAccess()) { - $e->add(t('Access Denied.')); - } + if ($this->validateAction()) { + $event = $this->eventService->getByID($_REQUEST['eventID'], EventService::EVENT_VERSION_RECENT); + $e = \Core::make('error'); + if (!$event) { + $e->add(t('Invalid event.')); + } + if (!$this->canAccess()) { + $e->add(t('Access Denied.')); + } - $r = new EditResponse($e); - $year = date('Y'); - $month = date('m'); - $r->setRedirectURL( - \URL::to( - $this->preferences->getPreferredViewPath(), - 'view', - $event->getCalendar()->getID(), - $year, - $month - ) - ); - - if (!$e->has()) { - $u = $this->app->make(User::class); - $pkr = new DeleteCalendarEventRequest(); - $pkr->setCalendarEventVersionID($event->getRecentVersion()->getID()); - $pkr->setRequesterUserID($u->getUserID()); - $response = $pkr->trigger(); - if ($response instanceof Response) { - $this->flash('success', t('Event deleted successfully.')); - } else { - $this->flash('success', t('Event deletion pending. This request must be approved before the event is fully removed.')); + $r = new EditResponse($e); + $year = date('Y'); + $month = date('m'); + $r->setRedirectURL( + \URL::to( + $this->preferences->getPreferredViewPath(), + 'view', + $event->getCalendar()->getID(), + $year, + $month + ) + ); + + if (!$e->has()) { + $u = $this->app->make(User::class); + $pkr = new DeleteCalendarEventRequest(); + $pkr->setCalendarEventVersionID($event->getRecentVersion()->getID()); + $pkr->setRequesterUserID($u->getUserID()); + $response = $pkr->trigger(); + if ($response instanceof Response) { + $this->flash('success', t('Event deleted successfully.')); + } else { + $this->flash( + 'success', + t('Event deletion pending. 
This request must be approved before the event is fully removed.') + ); + } } - } - $r->outputJSON(); + $r->outputJSON(); + } }
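Review bot: On an unknown `eventID` the new body still dereferences `$event` unconditionally: after `$e->add(t('Invalid event.'))` it goes on to call `$event->getCalendar()->getID()` inside `setRedirectURL(...)`, which is a fatal "member function on null" and the JSON error response is never written. Wrap the redirect in the existing error flow, e.g. `if ($event) {` before `$r->setRedirectURL(` and a matching `}` after it, so `$r->outputJSON()` can report the error. Separately, `$_REQUEST['eventID']` is read with no existence check, which raises an undefined-array-key warning on PHP 8 when the parameter is absent; `$_REQUEST['eventID'] ?? null` (or the controller's request object, if this class has one) avoids that. The `validateAction()` wrapper itself looks right, and the method is complete within the hunk.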