Publish Tab isn’t sanitized

Version: EE 2.9.2 Reporter: jefinho

I’ve added a new Publish Tab with a backslash in the name (e.g. “product/solution”). It didn’t produce an error, so everything seemed fine. When I tried to add fields to that tab, the bug occurred.

Some characters are already not allowed, like *. That gives “illigal_tab_name” as a message.

So far I’ve tried these, which produce the bug:
- / (backslash)
- , (comma)
- ; (semicolon)
- { (curly bracket)
- } (curly bracket)

It adds the tab, but when you try to select it there is a JavaScript error and some tabs disappear (it seems the first 2 tabs disappear).

The problem is that the characters are added to the ID/title of the tab, and if the JavaScript tries to select it, it gives an error.

You can’t remove the tab once it is created, because that also goes through JavaScript.

  • Connect directly to your MySQL database and search for the “exp_layout_publish” table.
    Look for the channel ID from the channel with the faulty tab and edit the “field_layout” column. Search for the place where the character is and remove/edit it to something allowed (probably at 2 places for each tab).
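
The report attributes the failure to tab names being copied into an element ID/title that JavaScript later selects. As an added example (not part of the original report and not ExpressionEngine's own code), the sketch below assumes the lookup uses a CSS/jQuery-style selector string; all function names are hypothetical.

```javascript
// Added example: hypothetical helpers, not ExpressionEngine code.
// Characters that act as syntax in a CSS/jQuery selector string, so
// "#" + id fails to parse unless they are escaped first.
const SELECTOR_META = /[!"#$%&'()*+,.\/:;<=>?@\[\\\]^`{|}~\s]/g;

// Return the distinct characters in a tab name that would need escaping.
function unsafeTabChars(name) {
  return [...new Set(name.match(SELECTOR_META) || [])];
}

// Input check: reject the name up front instead of storing it in the layout.
function validateTabName(name) {
  if (name.trim() === "") return { ok: false, reason: "empty" };
  const bad = unsafeTabChars(name);
  if (bad.length > 0) return { ok: false, reason: "illegal characters", bad };
  return { ok: true };
}

// Derive an id that needs no escaping: lower-case, other runs become "_".
// Different names can map to the same id, so callers must still check
// for duplicates before using it.
function toTabId(name) {
  const slug = name
    .toLowerCase()
    .replace(/[^a-z0-9_-]+/g, "_")
    .replace(/^_+|_+$/g, "");
  return "tab_" + slug;
}

// For ids already stored with such characters: backslash-escape each one
// before building a selector, so existing tabs stay selectable/removable.
function escapeForSelector(id) {
  return id.replace(SELECTOR_META, (ch) => "\\" + ch);
}

// Constructed sample names using the characters listed in the report.
const samples = ["product/solution", "a,b", "a;b", "a{b}", "Products"];
for (const name of samples) {
  const check = validateTabName(name);
  console.log(name, check.ok, toTabId(name), "#" + escapeForSelector(name));
}
```

Validating at input time prevents new broken tabs, while escaping at selection time keeps already-stored names usable so they can be removed through the interface.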

