From 2e2d0e506fc444bda7d99bf8ac13815d1463a960 Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Fri, 24 Jun 2016 10:49:07 +0200 Subject: [PATCH 1/5] Properly URL Encodes stylesheet properties --- .../umbraco/Trees/loadStylesheetProperty.cs | 4 ++-- .../umbraco/create/stylesheetPropertyTasks.cs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadStylesheetProperty.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadStylesheetProperty.cs index 1be4d03f58..197c52925e 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadStylesheetProperty.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/loadStylesheetProperty.cs @@ -58,12 +58,12 @@ namespace umbraco { var sheetId = sheet.Path.TrimEnd(".css"); var xNode = XmlTreeNode.Create(this); - xNode.NodeID = sheetId + "_" + prop.Name; + xNode.NodeID = sheetId + "_" + HttpUtility.UrlEncode(prop.Name); xNode.Text = prop.Name; xNode.Action = "javascript:openStylesheetProperty('" + //Needs to be escaped for JS HttpUtility.UrlEncode(sheet.Path) + - "','" + prop.Name + "');"; + "','" + HttpUtility.UrlEncode(prop.Name) + "');"; xNode.Icon = "icon-brackets"; xNode.OpenIcon = "icon-brackets"; diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs index 76f1b83190..d1d607a7d8 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs @@ -26,7 +26,7 @@ namespace umbraco s.AddProperty(new StylesheetProperty(Alias, "." + Alias.ToSafeAlias(), "")); Umbraco.Core.ApplicationContext.Current.Services.FileService.SaveStylesheet(s); - _returnUrl = string.Format("settings/stylesheet/property/EditStyleSheetProperty.aspx?id={0}&prop={1}", HttpUtility.UrlEncode(s.Path), Alias); + _returnUrl = string.Format("settings/stylesheet/property/EditStyleSheetProperty.aspx?id={0}&prop={1}", HttpUtility.UrlEncode(s.Path), HttpUtility.UrlEncode(Alias)); return true; } From b2e9fb1534449c5c754bbee4c7c3e16e04646867 Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Wed, 6 Jul 2016 11:00:34 +0200 Subject: [PATCH 2/5] Need to UrlDecode the parts[1] part so that we can find and properly delete properties with ampersands --- .../umbraco/create/stylesheetPropertyTasks.cs | 23 +++++++------------ 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs index d1d607a7d8..fe589a6dbb 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs @@ -1,30 +1,22 @@ using System; -using System.Data; using System.Linq; using System.Web; -using System.Web.Security; -using System.Windows.Forms; using Umbraco.Core; using Umbraco.Core.Models; using Umbraco.Web.UI; using umbraco.BusinessLogic; -using umbraco.DataLayer; -using umbraco.BasePages; -using Umbraco.Core.IO; -using umbraco.cms.businesslogic.member; namespace umbraco { public class stylesheetPropertyTasks : LegacyDialogTask { - public override bool PerformSave() { var stylesheetName = AdditionalValues["nodeId"].ToString(); - - var s = Umbraco.Core.ApplicationContext.Current.Services.FileService.GetStylesheetByName(stylesheetName.EnsureEndsWith(".css")); + + var s = ApplicationContext.Current.Services.FileService.GetStylesheetByName(stylesheetName.EnsureEndsWith(".css")); s.AddProperty(new StylesheetProperty(Alias, "." + Alias.ToSafeAlias(), "")); - Umbraco.Core.ApplicationContext.Current.Services.FileService.SaveStylesheet(s); + ApplicationContext.Current.Services.FileService.SaveStylesheet(s); _returnUrl = string.Format("settings/stylesheet/property/EditStyleSheetProperty.aspx?id={0}&prop={1}", HttpUtility.UrlEncode(s.Path), HttpUtility.UrlEncode(Alias)); return true; @@ -34,15 +26,16 @@ namespace umbraco { var parts = Alias.Split('_'); - var stylesheet = Umbraco.Core.ApplicationContext.Current.Services.FileService.GetStylesheetByName(parts[0].EnsureEndsWith(".css")); + var stylesheet = ApplicationContext.Current.Services.FileService.GetStylesheetByName(parts[0].EnsureEndsWith(".css")); if (stylesheet == null) throw new InvalidOperationException("No stylesheet found by name: " + parts[0]); - var prop = stylesheet.Properties.FirstOrDefault(x => x.Name == parts[1]); - if (prop == null) throw new InvalidOperationException("No stylesheet property found by name: " + parts[1]); + var property = HttpUtility.UrlDecode(parts[1]); + var prop = stylesheet.Properties.FirstOrDefault(x => x.Name == property); + if (prop == null) throw new InvalidOperationException("No stylesheet property found by name: " + property); stylesheet.RemoveProperty(prop.Name); - Umbraco.Core.ApplicationContext.Current.Services.FileService.SaveStylesheet(stylesheet); + ApplicationContext.Current.Services.FileService.SaveStylesheet(stylesheet); return true; } From 46cd7cae38ee0f44e9e602a49c9380f2fd5a1a0a Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Wed, 6 Jul 2016 11:02:51 +0200 Subject: [PATCH 3/5] Make sure to encode/decode the property name everywhere --- .../property/EditStyleSheetProperty.aspx.cs | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/stylesheet/property/EditStyleSheetProperty.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/stylesheet/property/EditStyleSheetProperty.aspx.cs index f058b31bb7..a53420d814 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/stylesheet/property/EditStyleSheetProperty.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/stylesheet/property/EditStyleSheetProperty.aspx.cs @@ -1,19 +1,7 @@ using System; -using System.Collections; -using System.ComponentModel; -using System.Data; -using System.Drawing; using System.Linq; using System.Web; -using System.Web.Services.Description; -using System.Web.SessionState; -using System.Web.UI; using System.Web.UI.WebControls; -using System.Web.UI.HtmlControls; -using umbraco.cms.businesslogic.web; -using Umbraco.Core; -using Umbraco.Web; -using umbraco.cms.presentation.Trees; using Umbraco.Core; namespace umbraco.cms.presentation.settings.stylesheet @@ -43,10 +31,11 @@ namespace umbraco.cms.presentation.settings.stylesheet _sheet = Services.FileService.GetStylesheetByName(Request.QueryString["id"]); if (_sheet == null) throw new InvalidOperationException("No stylesheet found with name: " + Request.QueryString["id"]); - var propName = IsPostBack ? OriginalName.Value : Request.QueryString["prop"]; + var property = HttpUtility.UrlDecode(Request.QueryString["prop"]); + var propName = IsPostBack ? OriginalName.Value : property; _stylesheetproperty = _sheet.Properties.FirstOrDefault(x => x.Name.InvariantEquals(propName)); - if (_stylesheetproperty == null) throw new InvalidOperationException("No stylesheet property found with name: " + Request.QueryString["prop"]); + if (_stylesheetproperty == null) throw new InvalidOperationException("No stylesheet property found with name: " + property); Panel1.Text = ui.Text("stylesheet", "editstylesheetproperty", UmbracoUser); @@ -70,7 +59,7 @@ namespace umbraco.cms.presentation.settings.stylesheet var nodePath = string.Format("-1,init,{0},{0}_{1}", _sheet.Path //needs a double escape to work with JS - .Replace("\\", "\\\\").TrimEnd(".css"), _stylesheetproperty.Name); + .Replace("\\", "\\\\").TrimEnd(".css"), HttpUtility.UrlEncode(_stylesheetproperty.Name)); ClientTools .SetActiveTreeType(Constants.Trees.Stylesheets) From b395d1a049ff87edacd96bfdd01e503ebe1f2682 Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Wed, 6 Jul 2016 11:04:27 +0200 Subject: [PATCH 4/5] Alias is already running through ToSafeAlias, doesn't need UrlEncoding --- .../umbraco/create/stylesheetPropertyTasks.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs index fe589a6dbb..2755b3501c 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs @@ -18,7 +18,7 @@ namespace umbraco s.AddProperty(new StylesheetProperty(Alias, "." + Alias.ToSafeAlias(), "")); ApplicationContext.Current.Services.FileService.SaveStylesheet(s); - _returnUrl = string.Format("settings/stylesheet/property/EditStyleSheetProperty.aspx?id={0}&prop={1}", HttpUtility.UrlEncode(s.Path), HttpUtility.UrlEncode(Alias)); + _returnUrl = string.Format("settings/stylesheet/property/EditStyleSheetProperty.aspx?id={0}&prop={1}", HttpUtility.UrlEncode(s.Path), Alias); return true; } From f057eca45ad2fae50ea1f48e8bb6b4e8cbb9366a Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Wed, 6 Jul 2016 11:14:59 +0200 Subject: [PATCH 5/5] Scratch that.. the Alias is actually the Name. Consistency FTW! --- .../umbraco/create/stylesheetPropertyTasks.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs index 2755b3501c..a27e550831 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/stylesheetPropertyTasks.cs @@ -18,7 +18,8 @@ namespace umbraco s.AddProperty(new StylesheetProperty(Alias, "." + Alias.ToSafeAlias(), "")); ApplicationContext.Current.Services.FileService.SaveStylesheet(s); - _returnUrl = string.Format("settings/stylesheet/property/EditStyleSheetProperty.aspx?id={0}&prop={1}", HttpUtility.UrlEncode(s.Path), Alias); + // SJ - Note: The Alias is NOT in fact the alias but the name of the new property, need to UrlEncode it! + _returnUrl = string.Format("settings/stylesheet/property/EditStyleSheetProperty.aspx?id={0}&prop={1}", HttpUtility.UrlEncode(s.Path), HttpUtility.UrlEncode(Alias)); return true; }