From 3ae96b9d41c117aafa45873ad10077d4b873a3cb Mon Sep 17 00:00:00 2001
From: Divesh
Date: Tue, 25 Jan 2022 12:20:25 +0100
Subject: [PATCH] disallow html entity names on import - follow up to #11217
---
 models/DataObject/ClassDefinition/Service.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/models/DataObject/ClassDefinition/Service.php b/models/DataObject/ClassDefinition/Service.php
index 46ba9941366..4208f1e09f8 100644
--- a/models/DataObject/ClassDefinition/Service.php
+++ b/models/DataObject/ClassDefinition/Service.php
@@ -315,11 +315,11 @@ public static function generateLayoutTreeFromArray($array, $throwException = fal
 {
 if (is_array($array) && count($array) > 0) {
 if ($name = $array['name'] ?? false) {
- $sanitizedName = htmlentities($name);
- if ($sanitizedName !== $name) {
+ if (preg_match('/<.+?>/', $name)) {
 throw new \Exception('not a valid name:' . htmlentities($name));
 }
 }
+ /** @var LoaderInterface $loader */
 $loader = \Pimcore::getContainer()->get('pimcore.implementation_loader.object.' . $array['datatype']);
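Review bot: The new guard `preg_match('/<.+?>/', $name)` is a narrower denylist than the `htmlentities()` comparison it replaces: it rejects only a complete `<…>` pair on a single line, so an imported name holding a lone `<` or `>`, quotes or `&` is now accepted. If the relaxation is meant to let characters such as accented letters through (an inference from the subject line), rejecting the bracket characters outright keeps that while narrowing the gap, e.g. `if (preg_match('/[<>]/', $name)) {`. Whichever filter is used, the name comes from an imported definition and still needs context-appropriate escaping wherever it is rendered; a comment such as `// import data is untrusted: reject markup here, escape again on output` would record that. The body of generateLayoutTreeFromArray continues outside the hunk, so later uses of `$array['name']` cannot be checked from here.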