From 7ecf361eb33022a463fbb55300e5eb4315a2dcbb Mon Sep 17 00:00:00 2001
From: Sam Georges
Date: Sun, 6 Jul 2014 12:42:08 +1000
Subject: [PATCH] Fixes validation of requested partial names VS. partial names on file system
---
 modules/backend/classes/Controller.php | 2 +-
 modules/cms/classes/Controller.php | 2 +-
 modules/cms/classes/FileHelper.php | 2 +-
 tests/unit/cms/classes/FileHelperTest.php | 2 ++
 4 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/modules/backend/classes/Controller.php b/modules/backend/classes/Controller.php
index c206cc93e..1c8d46cbb 100644
--- a/modules/backend/classes/Controller.php
+++ b/modules/backend/classes/Controller.php
@@ -308,7 +308,7 @@ class Controller extends Extendable
 // @todo Do we need to validate backend partials?
 // foreach ($partialList as $partial) {
- // if (!CmsFileHelper::validateName($partial))
+ // if (!preg_match('/^(?:\w+\:{2}|@)?[a-z0-9\_\-\.\/]+$/i', $partial))
 // throw new SystemException(Lang::get('cms::lang.partial.invalid_name', ['name'=>$partial]));
 // }
 }
diff --git a/modules/cms/classes/Controller.php b/modules/cms/classes/Controller.php
index 342fd2793..77164a46b 100644
--- a/modules/cms/classes/Controller.php
+++ b/modules/cms/classes/Controller.php
@@ -332,7 +332,7 @@ class Controller extends BaseController
 $partialList = explode('&', $partialList);
 foreach ($partialList as $partial) {
- if (!CmsFileHelper::validateName($partial))
+ if (!preg_match('/^(?:\w+\:{2}|@)?[a-z0-9\_\-\.\/]+$/i', $partial))
 throw new CmsException(Lang::get('cms::lang.partial.invalid_name', ['name'=>$partial]));
 }
 }
diff --git a/modules/cms/classes/FileHelper.php b/modules/cms/classes/FileHelper.php
index 7edd70e7d..250b813cb 100644
--- a/modules/cms/classes/FileHelper.php
+++ b/modules/cms/classes/FileHelper.php
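Review bot: The inline pattern in the `foreach` over `$partialList` in modules/cms/classes/Controller.php still accepts names that contain `..` segments or start with `/`, because the character class allows both `.` and `/`, and a `$` anchor without the `D` modifier also lets a name ending in a line feed pass. Whether such a name reaches the file system depends on how the partial loader resolves it, which is outside this hunk, but the check is cheap to tighten: `if (!preg_match('/^(?:\w+\:{2}|@)?[a-z0-9\_\-\.\/]+$/iD', $partial) || strpos($partial, '..') !== false)`. The same two gaps apply to the pattern in `FileHelper::validateName` in modules/cms/classes/FileHelper.php and to the commented-out copy in modules/backend/classes/Controller.php. The enclosing method starts and ends outside the hunk.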
@@ -17,7 +17,7 @@ class FileHelper
 */
 public static function validateName($fileName)
 {
- return preg_match('/^([a-z0-9\-\.]+\:{2})?[a-z0-9\_\-\.\/]+$/i', $fileName) ? true : false;
+ return preg_match('/^[a-z0-9\_\-\.\/]+$/i', $fileName) ? true : false;
 }
 /**
diff --git a/tests/unit/cms/classes/FileHelperTest.php b/tests/unit/cms/classes/FileHelperTest.php
index df4c039de..ba50d1907 100644
--- a/tests/unit/cms/classes/FileHelperTest.php
+++ b/tests/unit/cms/classes/FileHelperTest.php
@@ -12,6 +12,8 @@ class FileHelperTest extends TestCase
 $this->assertFalse(FileHelper::validateName('test\testdat'));
 $this->assertTrue(FileHelper::validateName('01test-test.dat'));
 $this->assertFalse(FileHelper::validateName('test@test.dat'));
+ $this->assertFalse(FileHelper::validateName('test::test'));
+ $this->assertFalse(FileHelper::validateName('@test'));
 }
 public function testFormatIniString()
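Review bot: The two added assertions in tests/unit/cms/classes/FileHelperTest.php pin what `validateName` now rejects, but the prefixed forms the front-end controller still accepts (`alias::name`, `@name`) are enforced only by an inline regex literal in modules/cms/classes/Controller.php, which has no test. Moving that pattern into a static method beside `validateName` would let this test class cover it, for example `$this->assertTrue(FileHelper::validatePartialName('alias::test'));`, where `validatePartialName` is a proposed name and not an existing method. A boundary assertion such as `$this->assertFalse(FileHelper::validateName("test.dat\n"));` is also worth adding; as far as the visible pattern shows it would fail today, because `$` without the `D` modifier matches before a trailing line feed. The test method holding these assertions starts above the hunk.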