diff --git a/bundles/AdminBundle/Controller/Admin/SettingsController.php b/bundles/AdminBundle/Controller/Admin/SettingsController.php
index 44f1ea3dbaf..e2df9de0487 100644
--- a/bundles/AdminBundle/Controller/Admin/SettingsController.php
+++ b/bundles/AdminBundle/Controller/Admin/SettingsController.php
@@ -1161,7 +1161,7 @@ public function thumbnailTreeAction()
 if (empty($groups[$item->getGroup()])) {
 $groups[$item->getGroup()] = [
 'id' => 'group_' . $item->getName(),
- 'text' => $item->getGroup(),
+ 'text' => htmlspecialchars($item->getGroup()),
 'expandable' => true,
 'leaf' => false,
 'allowChildren' => true,
@@ -1388,10 +1388,10 @@ public function videoThumbnailTreeAction()
 $groups = [];
 foreach ($list->getThumbnails() as $item) {
 if ($item->getGroup()) {
- if (!$groups[$item->getGroup()]) {
+ if (empty($groups[$item->getGroup()])) {
 $groups[$item->getGroup()] = [
 'id' => 'group_' . $item->getName(),
- 'text' => $item->getGroup(),
+ 'text' => htmlspecialchars($item->getGroup()),
 'expandable' => true,
 'leaf' => false,
 'allowChildren' => true,
diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js b/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
index a9f45c56ebd..979e2a52881 100644
--- a/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
+++ b/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
@@ -82,6 +82,7 @@ pimcore.settings.thumbnail.item = Class.create({
 name: "group",
 value: this.data.group,
 fieldLabel: t("group"),
+ renderer: Ext.util.Format.htmlEncode,
 width: 450
 });
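Review bot: `htmlspecialchars($item->getGroup())` in the group node's `'text'` relies on the function's default flags and charset, and the same call is repeated in the `videoThumbnailTreeAction()` hunk. Before PHP 8.1 the default flag set is `ENT_COMPAT`, which leaves single quotes unescaped, so the output depends on the runtime; writing `htmlspecialchars($item->getGroup(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` makes the encoding identical everywhere. Both actions continue outside their hunks, so whether the leaf nodes built from `$item->getName()` receive the same encoding cannot be seen here and is worth checking. Since the two actions build an identical group node, a small private helper would keep the escaping in one place.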
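Review bot: The added `renderer: Ext.util.Format.htmlEncode` only has an effect if this component honours a `renderer` config, and the constructor call opens outside the hunk, so the component type is not visible here. In ExtJS `renderer` is a config of display fields and grid columns; if this is an editable text field the option is probably ignored, and the value lands in an input's value rather than being parsed as markup. It would help to confirm which sink actually rendered the group name as HTML and to document it at that spot, for example `// group is user-supplied; encode before it reaches any html/tpl sink`.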