From 439703abdf7191cd42e63da277cf74944ef2fb51 Mon Sep 17 00:00:00 2001
From: Ryan Cramer <ryan@processwire.com>
Date: Fri, 4 Mar 2022 08:28:33 -0500
Subject: [PATCH] Attempt fix for issue processwire/processwire-issues#1536

---
 .../Process/ProcessField/ProcessField.module  | 21 +++++++++++++------
 .../ProcessTemplate/ProcessTemplate.module    | 16 ++++++++------
 2 files changed, 25 insertions(+), 12 deletions(-)

diff --git a/wire/modules/Process/ProcessField/ProcessField.module b/wire/modules/Process/ProcessField/ProcessField.module
index 3d816536..2283fe59 100644
--- a/wire/modules/Process/ProcessField/ProcessField.module
+++ b/wire/modules/Process/ProcessField/ProcessField.module
@@ -461,8 +461,8 @@ class ProcessField extends Process implements ConfigurableModule {
 		$this->breadcrumb('../', $labels['fields']);
 		
 		$tags = $fields->getTags();
-		$editTag = $input->get->name('edit_tag');
-		$saveTag = $input->post->name('save_tag');
+		$editTag = $sanitizer->words($input->get->text('edit_tag'), array('separator' => '-'));
+		$saveTag = $sanitizer->words($input->post->text('save_tag'), array('separator' => '-'));
 		
 		$collapsedTags = $modules->getConfig($this, 'collapsedTags');
 		if(!is_array($collapsedTags)) $collapsedTags = array();
@@ -473,8 +473,9 @@ class ProcessField extends Process implements ConfigurableModule {
 			$this->headline("$labels[tag] - " . (isset($tags[$editTag]) ? $tags[$editTag] : $editTag));
 			
 			/** @var InputfieldName $f */
-			$f = $modules->get('InputfieldName');
+			$f = $modules->get('InputfieldText');
 			$f->attr('name', 'rename_tag');
+			$f->label = $this->_('Tag name');
 			$f->attr('value', isset($tags[$editTag]) ? $tags[$editTag] : $editTag);
 			$f->collapsed = Inputfield::collapsedYes;
 			$f->addClass('InputfieldIsSecondary', 'wrapClass');
@@ -515,8 +516,9 @@ class ProcessField extends Process implements ConfigurableModule {
 			
 		} else if($saveTag) {
 			// save tag
+			
 			$tagFields = $sanitizer->names($input->post('tag_fields'));
-			$renameTag = $input->post->templateName('rename_tag');
+			$renameTag = $sanitizer->words($input->post->text('rename_tag'), array('separator' => '-')); 
 			$isCollapsed = (int) $input->post('tag_collapsed');
 			$removeTag = '';
 			if($renameTag && $renameTag != $saveTag) {
@@ -578,9 +580,10 @@ class ProcessField extends Process implements ConfigurableModule {
 
 			$form->attr('method', 'get');
 			/** @var InputfieldName $f */
-			$f = $modules->get('InputfieldName');
+			$f = $modules->get('InputfieldText');
 			$f->attr('name', 'edit_tag');
 			$f->label = $this->_('Add new tag');
+			$f->description = $this->_('You may use letters, digits or underscore.'); 
 			$f->icon = 'tag';
 			$f->addClass('InputfieldIsSecondary', 'wrapClass');
 			$form->add($f);
@@ -2217,6 +2220,7 @@ class ProcessField extends Process implements ConfigurableModule {
 
 		/** @var Languages $languages */
 		$languages = $this->wire('languages');
+		$sanitizer = $this->wire()->sanitizer;
 	
 		foreach($wrapper->children() as $inputfield) {
 
@@ -2272,6 +2276,10 @@ class ProcessField extends Process implements ConfigurableModule {
 			if(($name == 'showIf' || $name == 'requiredIf') && strlen($value)) {
 				$this->checkInputfieldDependencySetting($inputfield);
 			}
+			
+			if($name === 'tags') {
+				$value = $sanitizer->words($value);
+			}
 
 			$this->field->set($name, $value); 
 
@@ -3025,7 +3033,7 @@ class ProcessField extends Process implements ConfigurableModule {
 			);
 		} else if($segment === 'tags') {
 			$data = array(
-				'edit_tag' => $input->get->name('edit_tag'), 
+				'edit_tag' => $sanitizer->word($input->get->text('edit_tag')), 
 			);
 		} else if($segment === 'edit') {
 			$data = array(
@@ -3057,6 +3065,7 @@ class ProcessField extends Process implements ConfigurableModule {
 		} else {
 			$segment = '';
 		}
+		foreach($data as $key => $value) $data[$key] = urlencode($value);
 		return $page->url() . $segment . (count($data) ? '?' . implode('&', $data) : '');
 	}
 
diff --git a/wire/modules/Process/ProcessTemplate/ProcessTemplate.module b/wire/modules/Process/ProcessTemplate/ProcessTemplate.module
index ac9d0ec4..ac95c602 100644
--- a/wire/modules/Process/ProcessTemplate/ProcessTemplate.module
+++ b/wire/modules/Process/ProcessTemplate/ProcessTemplate.module
@@ -2803,7 +2803,7 @@ class ProcessTemplate extends Process implements ConfigurableModule {
 			'noPrependTemplateFile' => 'post-int', // field may not be present on all submissions
 			'noAppendTemplateFile' => 'post-int', // field may not be present on all submissions
 			'compile' => 'post-int',
-			'tags' => 'text',
+			'tags' => 'words',
 			'contentType' => 'none',
 			'noShortcut' => 'post-1',
 			'noMove' => 'int',
@@ -2823,6 +2823,8 @@ class ProcessTemplate extends Process implements ConfigurableModule {
 					$value = (int) $value;
 				} else if($sanitizerName = 'text') {
 					$value = $sanitizer->text($value);
+				} else if($sanitizerName = 'words') {
+					$value = $sanitizer->words($value);
 				} else {
 					// use as-is
 				}
@@ -3648,8 +3650,8 @@ class ProcessTemplate extends Process implements ConfigurableModule {
 		$this->breadcrumb('../', $labels['templates']);
 
 		$templateNamesByTag = $templates->getTags(true);
-		$editTag = $input->get->name('edit_tag');
-		$saveTag = $input->post->name('save_tag');
+		$editTag = $sanitizer->words($input->get->text('edit_tag'), array('separator' => '-'));
+		$saveTag = $sanitizer->words($input->post->text('save_tag'), array('separator' => '-'));
 
 		$tags = array();
 		foreach(array_keys($templateNamesByTag) as $tag) {
@@ -3665,8 +3667,9 @@ class ProcessTemplate extends Process implements ConfigurableModule {
 			$this->headline("$labels[tags] - " . (isset($tags[$editTag]) ? $tags[$editTag] : $editTag));
 
 			/** @var InputfieldName $f */
-			$f = $modules->get('InputfieldName');
+			$f = $modules->get('InputfieldText');
 			$f->attr('name', 'rename_tag');
+			$f->label = $this->_('Tag name');
 			$f->attr('value', isset($tags[$editTag]) ? $tags[$editTag] : $editTag);
 			$f->collapsed = Inputfield::collapsedYes;
 			$f->addClass('InputfieldIsSecondary', 'wrapClass');
@@ -3710,7 +3713,7 @@ class ProcessTemplate extends Process implements ConfigurableModule {
 		} else if($saveTag) {
 			// save tag
 			$tagTemplates = $sanitizer->names($input->post('tag_templates'));
-			$renameTag = $input->post->templateName('rename_tag');
+			$renameTag = $sanitizer->word($input->post->text('rename_tag'), array('separator' => '-'));
 			$isCollapsed = (int) $input->post('tag_collapsed');
 			$removeTag = '';
 			if($renameTag && $renameTag != $saveTag) {
@@ -3767,9 +3770,10 @@ class ProcessTemplate extends Process implements ConfigurableModule {
 
 			$form->attr('method', 'get');
 			/** @var InputfieldName $f */
-			$f = $modules->get('InputfieldName');
+			$f = $modules->get('InputfieldText');
 			$f->attr('name', 'edit_tag');
 			$f->label = $this->_('Add new tag');
+			$f->description = $this->_('You may use letters, digits, hyphens, underscores.');
 			$f->icon = 'tag';
 			$f->addClass('InputfieldIsSecondary', 'wrapClass');
 			$form->add($f);