From 6f36e841ce55f67e2e95253dd58f80659ef166c7 Mon Sep 17 00:00:00 2001
From: Bernhard Rusch
Date: Mon, 17 Jan 2022 16:37:25 +0100
Subject: [PATCH] [Thumbnail] Validate media query name

---
 bundles/AdminBundle/Controller/Admin/SettingsController.php | 5 +++++
 .../Resources/public/js/pimcore/settings/thumbnail/item.js | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/bundles/AdminBundle/Controller/Admin/SettingsController.php b/bundles/AdminBundle/Controller/Admin/SettingsController.php
index b706d5eb1bd..99b96aeac2c 100644
--- a/bundles/AdminBundle/Controller/Admin/SettingsController.php
+++ b/bundles/AdminBundle/Controller/Admin/SettingsController.php
@@ -1331,6 +1331,11 @@ public function thumbnailUpdateAction(Request $request)
         });
 
         foreach ($mediaData as $mediaName => $items) {
+
+            if(preg_match('/["<>]/', $mediaName)) {
+                throw new \Exception('Invalid media query name');
+            }
+
             foreach ($items as $item) {
                 $type = $item['type'];
                 unset($item['type']);
diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js b/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
index 937ea503078..a9f45c56ebd 100644
--- a/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
+++ b/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
@@ -216,6 +216,10 @@ pimcore.settings.thumbnail.item = Class.create({
             name = '(max-width: ' + name.replace("w", "") + 'px)';
         }
 
+        if(name.match(/["<>]/)) {
+            return;
+        }
+
         if (this.medias[name]) {
             return;
         }
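Review bot: The check added at the top of the `$mediaData` loop is a three-character denylist (`"`, `<`, `>`), so a name containing `'`, `&`, a backslash or control characters is still accepted; if `$mediaName` is later written into markup or a configuration file (not visible in this hunk) the validation should describe what a media query may legitimately contain rather than list a few bad characters, and the value should additionally be escaped at the point where it is rendered. An allowlist such as `if (!preg_match('/^[\w\s:(),.\/-]*$/', $mediaName)) {` states the intent directly; the exact character set should be confirmed against the media queries the settings UI actually produces (aspect-ratio values use `/`, for example). Throwing a bare `\Exception` also reports a malformed request as an unexpected server failure, so `\InvalidArgumentException` or the controller's usual error response would be more accurate, and `if(` should be `if (` per PSR-12, without the stray blank line right after the `foreach`. `thumbnailUpdateAction` begins and ends outside the hunk.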
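Review bot: The new guard in item.js silently returns when the name contains `"`, `<` or `>`, so the user gets no indication that the media query was dropped, while the server-side counterpart in SettingsController.php rejects the whole save with an exception; the client should surface the reason, e.g. replace the bare `return;` with a call to the admin's notification helper reporting "Invalid media query name" before returning. The client-side check is a usability aid only, and the server-side check remains the control that matters, so the two regexes should be kept identical whenever either one is changed. The enclosing method begins and ends outside the hunk.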