CVE-2023-2343: [Security] XSS in Classification Store of Data Objects module (#14933) · pimcore/pimcore@f1d9040
DOM-based Cross-site Scripting (XSS) in GitHub repository pimcore/pimcore prior to 10.5.21.
@@ -141,7 +141,7 @@ pimcore.object.classificationstore.collectionsPanel = Class.create({
var colId = data.data.colId;
var groupId = data.data.groupId;
Ext.Msg.confirm(t(‘delete’), sprintf(t(‘delete_message_advanced’), t(‘classificationstore_collection_relation’), data.data.groupName), function(btn) {
Ext.Msg.confirm(t(‘delete’), sprintf(t(‘delete_message_advanced’), t(‘classificationstore_collection_relation’), pimcore.helpers.getStringWithoutControlChars(data.data.groupName)), function(btn) {
if (btn == ‘yes’) {
Ext.Ajax.request({
url: Routing.generate(‘pimcore_admin_dataobject_classificationstore_deletecollectionrelation’),
@@ -315,7 +315,7 @@ pimcore.object.classificationstore.collectionsPanel = Class.create({
this.relationsGrid.hide();
this.relationsPanel.disable();
Ext.Msg.confirm(t(‘delete’), sprintf(t(‘delete_message_advanced’), t(‘classificationstore_collection’), data.data.name), function(btn) {
Ext.Msg.confirm(t(‘delete’), sprintf(t(‘delete_message_advanced’), t(‘classificationstore_collection’), pimcore.helpers.getStringWithoutControlChars(data.data.name)), function(btn) {
if (btn == ‘yes’) {
Ext.Ajax.request({
url: Routing.generate(‘pimcore_admin_dataobject_classificationstore_deletecollection’),
@@ -410,8 +410,7 @@ pimcore.object.classificationstore.collectionsPanel = Class.create({
},
addFieldComplete: function (button, value, object) {
value = value.trim();
value = pimcore.helpers.getStringWithoutControlChars(value).trim();
if (button == “ok” && value.length > 1) {
Ext.Ajax.request({
url: Routing.generate(‘pimcore_admin_dataobject_classificationstore_createcollection’),
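Review bot: All three new calls rely on `pimcore.helpers.getStringWithoutControlChars` to make a user-controlled collection or group name safe, but the two `Ext.Msg.confirm` messages are rendered as HTML, and a helper whose name says it strips control characters does not by itself neutralise markup such as `<img src=x onerror=...>`. Its implementation is not visible in this commit, so please confirm it HTML-encodes; if it only strips control characters, wrap the interpolated names on the output side instead, e.g. `Ext.util.Format.htmlEncode(data.data.groupName)` and `Ext.util.Format.htmlEncode(data.data.name)`. The `addFieldComplete` change only sanitises client-side before the `createcollection` request, which an attacker can bypass by calling the route directly, so the equivalent validation must exist in the server endpoint (not shown here); collections created before this patch also keep whatever name was stored, which is why output-side encoding in the confirm dialogs is the control that actually closes the XSS. `addFieldComplete` continues past the end of the hunk.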
### Impact

This vulnerability has the potential to steal a user's session cookie and gain unauthorized access to that user's account through the stolen cookie, or to redirect users to malicious sites.

### Patches

Update to version 10.5.21 or apply this patch manually: https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch

### Workarounds

Apply the patch https://github.com/pimcore/pimcore/commit/f1d904094700b513c4756904fa2b1e19d08d890e.patch manually.

### References

https://huntr.dev/bounties/2fa17227-a717-4b66-ab5a-16bffbb4edb2/