1 parent d8377fc commit 6f36e84Copy full SHA for 6f36e84
bundles/AdminBundle/Controller/Admin/SettingsController.php
@@ -1331,6 +1331,11 @@ public function thumbnailUpdateAction(Request $request)
1331
});
1332
1333
foreach ($mediaData as $mediaName => $items) {
1334
+
1335
+ if(preg_match('/["<>]/', $mediaName)) {
1336
+ throw new \Exception('Invalid media query name');
1337
+ }
1338
1339
foreach ($items as $item) {
1340
$type = $item['type'];
1341
unset($item['type']);
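Review bot: The new check on `$mediaName` is a three-character denylist (`"`, `<`, `>`), so a single quote, `&` or backtick still passes. The value then stays safe only if every place that later renders the media name encodes it for its context, and those sinks are not visible here. An allowlist of what a media query name may contain is easier to reason about, for example `if (!preg_match('/^[\w\s():.,\/-]+$/', $mediaName)) {` (character set to be confirmed against the names the UI generates), combined with escaping at output. The throw also sits inside the `foreach`, so if earlier iterations already changed the thumbnail config the request may fail half-applied; validating all keys before the loop would avoid that, though the rest of `thumbnailUpdateAction` lies outside the hunk.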
bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
@@ -216,6 +216,10 @@ pimcore.settings.thumbnail.item = Class.create({
216
name = '(max-width: ' + name.replace("w", "") + 'px)';
217
}
218
219
+ if(name.match(/["<>]/)) {
220
+ return;
221
222
223
if (this.medias[name]) {
224
return;
225
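Review bot: The added guard silently `return`s when the name contains `"`, `<` or `>`, so the user gets no indication why the media entry was not created; a short message before the return would help. The pattern is also a second copy of the one in `SettingsController::thumbnailUpdateAction`, and this client-side check is a convenience only. A comment such as `// UX pre-check only; the server rejects these names in thumbnailUpdateAction` would make clear which side enforces the rule and help keep the two patterns from drifting. The enclosing function begins and ends outside the hunk.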