From 20337e91ad5676742929699d2e948cb223eba147 Mon Sep 17 00:00:00 2001
From: Paul Ilea <paul@sgalinski.de>
Date: Thu, 29 Nov 2018 15:48:38 +0200
Subject: [PATCH] [TASK] Accept only alphanumeric values for forms marker names

---
 Classes/Finisher/Forms/FormsFinisher.php     |  8 +++++--
 Classes/XClass/Form/FormEditorController.php | 23 ++++++++++++++------
 2 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/Classes/Finisher/Forms/FormsFinisher.php b/Classes/Finisher/Forms/FormsFinisher.php
index 59a89541..f30c90b9 100644
--- a/Classes/Finisher/Forms/FormsFinisher.php
+++ b/Classes/Finisher/Forms/FormsFinisher.php
@@ -83,9 +83,13 @@ class FormsFinisher extends AbstractFinisher {
 
 			$formElementProperties = $formElement->getProperties();
 			if (isset($formElementProperties['markerName']) && \trim($formElementProperties['markerName']) !== '') {
-				$markers[\trim($formElementProperties['markerName'])] = $value;
+				$markerName = \trim($formElementProperties['markerName']);
 			} else {
-				$markers[$identifier] = $value;
+				$markerName = $identifier;
+			}
+			$markerName = preg_replace('/[^a-zA-Z0-9]/', '', $markerName);
+			if (!isset($markers[$markerName])) {
+				$markers[$markerName] = $value;
 			}
 		}
 
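Review bot: The emptiness test on `markerName` runs before the new `preg_replace`, so a configured name made only of filtered characters (for example `--`) passes the `!== ''` check and is then reduced to an empty string, which ends up as the key `$markers['']` instead of falling back to `$identifier`. Filtering first and falling back when nothing is left avoids this, and the same ordering problem applies to the `preg_replace` added in Classes/XClass/Form/FormEditorController.php. Separately, `!isset($markers[$markerName])` silently discards the submitted value of a second field whose name collapses to the same key (`first-name` and `firstname`, say) and treats a stored `null` as absent; `array_key_exists` plus a log entry would make the collision visible. The enclosing loop starts outside the hunk, so the sketch below only replaces the visible if/else and assignment.

```php
			// … unchanged: $formElementProperties = $formElement->getProperties(); …
			$markerName = '';
			if (isset($formElementProperties['markerName'])) {
				$markerName = (string)preg_replace('/[^a-zA-Z0-9]/', '', $formElementProperties['markerName']);
			}
			if ($markerName === '') {
				// Nothing usable left after filtering: fall back to the element identifier.
				$markerName = (string)preg_replace('/[^a-zA-Z0-9]/', '', $identifier);
			}
			if ($markerName !== '' && !array_key_exists($markerName, $markers)) {
				$markers[$markerName] = $value;
			}
```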
diff --git a/Classes/XClass/Form/FormEditorController.php b/Classes/XClass/Form/FormEditorController.php
index 25fcda0f..1309f549 100644
--- a/Classes/XClass/Form/FormEditorController.php
+++ b/Classes/XClass/Form/FormEditorController.php
@@ -168,13 +168,22 @@ class FormEditorController extends \TYPO3\CMS\Form\Controller\FormEditorControll
 			if (isset($element['properties']['markerName']) && $element['properties']['markerName'] !== '') {
 				$markerName = $element['properties']['markerName'];
 			}
-
-			$markers[] = [
-				'identifier' => $markerName,
-				'type' => MailTemplateService::MARKER_TYPE_STRING,
-				'value' => $element['label'],
-				'description' => $element['label']
-			];
+			$markerName = preg_replace('/[^a-zA-Z0-9]/', '', $markerName);
+			$duplicateMarker = FALSE;
+			foreach ($markers as $marker) {
+				if ($marker['identifier'] === $markerName) {
+					$duplicateMarker = TRUE;
+					break;
+				}
+			}
+			if (!$duplicateMarker) {
+				$markers[] = [
+					'identifier' => $markerName,
+					'type' => MailTemplateService::MARKER_TYPE_STRING,
+					'value' => $element['label'],
+					'description' => $element['label']
+				];
+			}
 		}
 
 		$registrationService = $this->objectManager->get(RegisterService::class);
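Review bot: The context check `$element['properties']['markerName'] !== ''` compares the untrimmed value, while FormsFinisher trims before comparing, so a whitespace-only name falls back to the identifier at submit time but is filtered down to an empty `identifier` here. The marker list registered by the editor can therefore disagree with the markers the finisher actually fills. The pattern `'/[^a-zA-Z0-9]/'` is also repeated as a literal in both files; one shared helper that trims, filters and applies the fallback would keep the two code paths in step. Dropping a duplicate is silent for the editor user, so a comment such as `// skip: an earlier element already registered this marker name` above `if (!$duplicateMarker)` would document that this is intended. The default assignment of `$markerName` lies outside the hunk, so the fallback value is assumed rather than visible.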
-- 
GitLab