Bug #20677 Version Retired

Publish Tab isn’t sanitized

Version: 2.9.2 Reporter: jefinho

This is an archived bug report. If you are experiencing a similar issue, upgrade to the latest release and if that does not solve the problem, submit a new bug report

I’ve added a new Publish Tab with a backslash in the name (e.g. “product/solution”). It didn’t produce an error so everything seemed fine. When I tried to add fields to that tab bug occurred.

Some characters are already not allowed, like *. That gives “illigal_tab_name” as a message.

So far i’ve tried these that produce the bug:
- / (backslash)
- , (comma)
- ; (semicolon)
- { (curly bracket)
- } (curly bracket)

It add’s the tab, but when you try to select it there is a javascript error and some tabs disappear (seems the first 2 tabs disappear).

The problem is that the characters are added to the ID/title of the tab and if the javascript tries to select is it gives an error.

You can’t remove the tab once it is created. Because that also goes through javascript.

  • Nobody has said anything yet.
  • Connect directly to your mysql database and search for the “exp_layout_publish” table.
    Look for the channel ID from the channel with the faulty tab and edit the “field_layout” column. Search for the place where the character is and remove/edit it to something allowed. (probably at 2 places for each tab)

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases