PresideObjectViewService: _parseFieldsFromViewFile() has a leaky regex

Description

The regex in _parseFieldsFromViewFile() that detects script-based params is malformed and detects incorrect matches.

It detects param ... name= - and continues to the next semicolon. However, this matches the script-based tags too, up to the next semicolon.

So, for example, this:

will have the following matches:

... and in turn, these matches will cause the previously-set fields to be overwritten and misconfigured - for example, changing the fieldname or renderer - with unpredictable results.

The solution is to ensure that if a > is encountered before the semicolon, then the regex does not match.

Environment

None

Assignee

Seb Duggan

Reporter

Seb Duggan

Labels

None

Accepted

Yes

Fix versions

Affects versions

Priority

Medium
Configure