Skip to content

Commit 74ae7f9

Browse files
enjeckenjeck
committed
fix: Ensure context icon is valid
Signed-off-by: Enjeck C. <patrathewhiz@gmail.com>
1 parent 63c9278 commit 74ae7f9

2 files changed

Lines changed: 25 additions & 4 deletions

File tree

lib/Controller/ContextController.php

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -102,6 +102,9 @@ public function show(int $contextId): DataResponse {
102102
#[NoAdminRequired]
103103
public function create(string $name, string $iconName, string $description = '', array $nodes = []): DataResponse {
104104
try {
105+
if (!$this->isValidIcon($iconName)) {
106+
return new DataResponse(['message' => 'Invalid icon name'], Http::STATUS_BAD_REQUEST);
107+
}
105108
return new DataResponse($this->contextService->create(
106109
$name,
107110
$iconName,
@@ -139,6 +142,9 @@ public function create(string $name, string $iconName, string $description = '',
139142
#[NoAdminRequired]
140143
public function update(int $contextId, ?string $name, ?string $iconName, ?string $description, ?array $nodes): DataResponse {
141144
try {
145+
if ($iconName !== null && !$this->isValidIcon($iconName)) {
146+
return new DataResponse(['message' => 'Invalid icon name'], Http::STATUS_BAD_REQUEST);
147+
}
142148
$nodes = $nodes !== null ? $this->sanitizeInputNodes($nodes) : null;
143149
return new DataResponse($this->contextService->update(
144150
$contextId,
@@ -271,6 +277,14 @@ public function updateContentOrder(int $contextId, int $pageId, array $content):
271277
return new DataResponse($this->contextService->updateContentOrder($pageId, $content));
272278
}
273279

280+
protected function isValidIcon(string $iconName): bool {
281+
if ($iconName === '' || !preg_match('/^[a-zA-Z0-9-]+$/', $iconName)) {
282+
return false;
283+
}
284+
$iconPath = dirname(__DIR__, 2) . '/img/material/' . $iconName . '.svg';
285+
return file_exists($iconPath);
286+
}
287+
274288
/**
275289
* @param Context[] $contexts
276290
* @return array

src/shared/components/ncIconPicker/mixins/svgHelper.js

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,18 @@
55
export default {
66
methods: {
77
async getContextIcon(iconName) {
8-
const { default: icon } = await import(
9-
`./../../../../../img/material/${iconName}.svg?raw`
10-
)
8+
try {
9+
const { default: icon } = await import(
10+
`./../../../../../img/material/${iconName}.svg?raw`
11+
)
1112

12-
return icon.replaceAll(/#fff/g, 'currentColor')
13+
return icon.replaceAll(/#fff/g, 'currentColor')
14+
} catch (e) {
15+
if (iconName !== 'apps') {
16+
return this.getContextIcon('apps')
17+
}
18+
throw e
19+
}
1320
},
1421
},
1522
}

0 commit comments

Comments
 (0)