From b9ba69f66d6a9986fb36f239661b98cd33a89853 Mon Sep 17 00:00:00 2001
From: Christian F <christian.feldkirchner@pimcore.com>
Date: Mon, 27 Feb 2023 16:29:25 +0100
Subject: [PATCH] optimized video thumbnail creation (#14472)

---
 bundles/AdminBundle/Controller/Admin/SettingsController.php     | 2 +-
 .../Resources/public/js/pimcore/settings/videothumbnail/item.js | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/bundles/AdminBundle/Controller/Admin/SettingsController.php b/bundles/AdminBundle/Controller/Admin/SettingsController.php
index ac7a97b1acd..58508f403af 100644
--- a/bundles/AdminBundle/Controller/Admin/SettingsController.php
+++ b/bundles/AdminBundle/Controller/Admin/SettingsController.php
@@ -1554,7 +1554,7 @@ public function videoThumbnailUpdateAction(Request $request)
                 $type = $item['type'];
                 unset($item['type']);
 
-                $pipe->addItem($type, $item, $mediaName);
+                $pipe->addItem($type, $item, htmlspecialchars($mediaName));
             }
         }
 
diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/settings/videothumbnail/item.js b/bundles/AdminBundle/Resources/public/js/pimcore/settings/videothumbnail/item.js
index e2f7c555f4d..a174b7da9c1 100644
--- a/bundles/AdminBundle/Resources/public/js/pimcore/settings/videothumbnail/item.js
+++ b/bundles/AdminBundle/Resources/public/js/pimcore/settings/videothumbnail/item.js
@@ -177,6 +177,7 @@ pimcore.settings.videothumbnail.item = Class.create({
     },
 
     addMediaPanel: function (name, items, closable, activate) {
+        name = name.replace(/[^a-zA-Z0-9_\-+]/g,'');
 
         if (this.medias[name]) {
             return;