Escape dynamic CSS background images

Resolves #4261
craftcms · May 14, 2019 · 1a061d0 · 1a061d0
1 parent f46956d
commit 1a061d0
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/CHANGELOG-v3.md b/CHANGELOG-v3.md
@@ -23,6 +23,7 @@
 - Fixed a bug where you could get some character encoding issues in some environments when using PHP 7.3.
 - Fixed a bug where Craft wasn’t attempting to set a unique URI on duplicated elements. ([#4253](https://github.com/craftcms/cms/issues/4253))
 - Fixed a bug where Table fields could copy cell values to other cells if a column had a handle in the format of “colX”. ([#4200](https://github.com/craftcms/cms/issues/4200))
+- Fixed an error that could occur on the Login page if a custom Login Page Logo was selected. ([#4261](https://github.com/craftcms/cms/issues/4261))
 
 ## 3.1.26 - 2019-05-08
 

diff --git a/src/templates/login.html b/src/templates/login.html
@@ -34,7 +34,7 @@
                     '<form id="login-form" method="post" accept-charset="UTF-8" {% if hasLogo -%}
             {%- set logo = craft.rebrand.logo -%}
             {%- set padding = logo.height + 30 -%}
-        class="has-logo" style="background-image: url(\'{{ logo.url }}\'); background-size: {{ logo.width }}px {{ logo.height }}px; padding-top: {{ padding }}px; margin-top: -{{ ((353+padding)/2)|round }}px"
+        class="has-logo" style="background-image: url(\'{{ logo.url|e('css')|e('js') }}\'); background-size: {{ logo.width }}px {{ logo.height }}px; padding-top: {{ padding }}px; margin-top: -{{ ((353+padding)/2)|round }}px"
                 {%- endif %}>' +
             '{% if not hasLogo -%}<h1>{{ systemName }}</h1>{%- endif %}'+
             "{{ forms.textField({ id: 'loginName', name: 'username', placeholder: usernamePlaceholder, value: username, autocomplete: 'username', type: usernameType })|e('js') }}" +

diff --git a/src/templates/settings/general/_images/image.html b/src/templates/settings/general/_images/image.html
@@ -5,7 +5,7 @@
         {% if craft.rebrand.isImageUploaded(imageType) -%}
             {% set image = craft.rebrand.getImageVariable(imageType) %}
             {% if image.width > 0 and image.height > 0 %}
-                 style="background-image: url('{{ image.url }}'); width: {{ image.width }}px; height: {{ image.height }}px;"
+                 style="background-image: url('{{ image.url|e('css') }}'); width: {{ image.width }}px; height: {{ image.height }}px;"
                  data-url="{{ image.url }}"
              {% endif %}
         {%- endif %}>