Merge pull request from GHSA-v24p-7p4j-qvvf

* Encode file names in tooltips and titles

* Remove ampersands in sanitizeFileName()

* Revert "Remove ampersands in sanitizeFileName()"

This reverts commit 81d06fe1ba46a969f5eacfa1420a8519379e0262.

---------

Co-authored-by: Leo Feyer <1192057+leofeyer@users.noreply.github.com>

core-bundle/src/Resources/contao/drivers/DC_Folder.php

@@ -2720,7 +2720,7 @@ protected function generateTree($path, $intMargin, $mount=false, $blnProtected=t
 			$folderAlt = $protected ? $GLOBALS['TL_LANG']['MSC']['folderCP'] : $GLOBALS['TL_LANG']['MSC']['folderC'];
 
 			// Add the current folder
-			$strFolderNameEncoded = StringUtil::convertEncoding(StringUtil::specialchars(basename($currentFolder)), System::getContainer()->getParameter('kernel.charset'));
+			$strFolderNameEncoded = StringUtil::convertEncoding(StringUtil::specialchars(basename($currentFolder), false, true), System::getContainer()->getParameter('kernel.charset'));
 			$return .= Image::getHtml($folderImg, $folderAlt) . ' <a href="' . $this->addToUrl('fn=' . $currentEncoded) . '" title="' . StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['selectNode']) . '"><strong>' . $strFolderNameEncoded . '</strong></a></div> <div class="tl_right">';
 
 			// Paste buttons
@@ -2842,7 +2842,7 @@ protected function generateTree($path, $intMargin, $mount=false, $blnProtected=t
 				}
 			}
 
-			$strFileNameEncoded = StringUtil::convertEncoding(StringUtil::specialchars(basename($currentFile)), System::getContainer()->getParameter('kernel.charset'));
+			$strFileNameEncoded = StringUtil::convertEncoding(StringUtil::specialchars(basename($currentFile), false, true), System::getContainer()->getParameter('kernel.charset'));
 			$iconAlt = sprintf($GLOBALS['TL_LANG']['MSC']['typeOfFile'], strtoupper($objFile->extension));
 
 			// No popup links for protected files and templates (see #700)

core-bundle/src/Resources/public/core.js

@@ -977,7 +977,7 @@ var Backend =
 			'onHide': function() { document.body.setStyle('overflow', 'auto'); }
 		});
 		M.show({
-			'title': opt.title,
+			'title': opt.title && opt.title.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;'),
 			'contents': '<img src="' + opt.url + '" alt="">'
 		});
 	},
@@ -1002,7 +1002,7 @@ var Backend =
 			'onHide': function() { document.body.setStyle('overflow', 'auto'); }
 		});
 		M.show({
-			'title': opt.title,
+			'title': opt.title && opt.title.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;'),
 			'contents': '<iframe src="' + opt.url + '" width="100%" height="' + opt.height + '" frameborder="0"></iframe>',
 			'model': 'modal'
 		});
@@ -1092,7 +1092,7 @@ var Backend =
 			this.hide();
 		});
 		M.show({
-			'title': opt.title,
+			'title': opt.title && opt.title.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/"/g, '&quot;').replace(/'/g, '&apos;'),
 			'contents': '<iframe src="' + opt.url + '" name="simple-modal-iframe" width="100%" height="' + opt.height + '" frameborder="0"></iframe>',
 			'model': 'modal'
 		});

core-bundle/src/Resources/public/mootao.js

@@ -179,6 +179,11 @@ Tips.Contao = new Class(
 		this.tip.setStyles(obj);
 	},
 
+	fill: function(element, contents){
+		if (typeof contents == 'string') element.set(element.hasClass('tip-text') ? 'html' : 'text', contents);
+		else element.adopt(contents);
+	},
+
 	hide: function(element) {
 		if (!this.tip) document.id(this);
 		this.fireEvent('hide', [this.tip, element]);