[Task] Improve check validity (#14301)

* set value to sanitized string if string doesn't match requirements * sanitized string to improve validity check * sanitized string to improve validity check * added exception to validation
pimcore · Feb 14, 2023 · f405058 · f405058
1 parent a4d27a4
commit f405058
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 5 deletions.
diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/object/tags/urlSlug.js b/bundles/AdminBundle/Resources/public/js/pimcore/object/tags/urlSlug.js
@@ -137,8 +137,6 @@ pimcore.object.tags.urlSlug = Class.create(pimcore.object.tags.abstract, {
             value: siteData['slug'],
             componentCls: this.getWrapperClassNames(),
             validator: function(value) {
-
-
                 if (value) {
                     if (!value.startsWith('/') || value.length < 2) {
                         return false;
@@ -153,9 +151,10 @@ pimcore.object.tags.urlSlug = Class.create(pimcore.object.tags.abstract, {
                         if  (part.length == 0) {
                             return false;
                         }
+
                         sanitizedPart = part.replace(/[#\?\*\:\\\\<\>\|"%&@=;]/g, '-');
                         if (sanitizedPart != part) {
-                            return false;
+                            return t('url-slug-invalid-chars');
                         }
                     }
                 }

diff --git a/bundles/CoreBundle/Resources/translations/en.json b/bundles/CoreBundle/Resources/translations/en.json
@@ -999,5 +999,6 @@
     "no_further_classes_allowed": "No further classes allowed",
     "address_not_found": "The entered address was not found",
     "possible_causes": "Possible causes",
-    "postal_code_format_error": "Postal code format, e.g. use \"5020 Salzburg, Söllheimer Straße 16\" instead of \"A-5020 Salzburg, Söllheimer Straße 16\""
+    "postal_code_format_error": "Postal code format, e.g. use \"5020 Salzburg, Söllheimer Straße 16\" instead of \"A-5020 Salzburg, Söllheimer Straße 16\"",
+    "url-slug-invalid-chars": "Provided invalid character in URL slug"
 }
diff --git a/models/DataObject/ClassDefinition/Data/UrlSlug.php b/models/DataObject/ClassDefinition/Data/UrlSlug.php
@@ -177,10 +177,15 @@ public function checkValidity($data, $omitMandatoryCheck = false, $params = [])
         if (is_array($data)) {
             /** @var Model\DataObject\Data\UrlSlug $item */
             foreach ($data as $item) {
-                $slug = $item->getSlug();
+                $slug = htmlspecialchars($item->getSlug());
                 $foundSlug = true;
 
                 if (strlen($slug) > 0) {
+                    $slugToCompare = preg_replace('/[#\?\*\:\\\\<\>\|"%&@=;]/', '-', $item->getSlug());
+                    if($item->getSlug() !== $slugToCompare){
+                        throw new Model\Element\ValidationException('Slug contains forbidden characters!');
+                    }
+
                     $document = Model\Document::getByPath($slug);
                     if ($document) {
                         throw new Model\Element\ValidationException('Slug must be unique. Found conflict with document path "' . $slug . '"');