From 954790465dd32964fcf2074fdb071f01ca634343 Mon Sep 17 00:00:00 2001
From: webchick <webchick@24967.no-reply.drupal.org>
Date: Tue, 10 Dec 2013 23:02:15 -0800
Subject: [PATCH] Issue #2073123 by dsdeiz, maartendeblock | xtfer:
 Drupal_clean_css_identifier() allows invalid CSS identifiers.

---
 core/includes/common.inc                               |  3 +++
 .../system/Tests/Common/HtmlIdentifierUnitTest.php     | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/core/includes/common.inc b/core/includes/common.inc
index 53423de21cd..c946eafdb2b 100644
--- a/core/includes/common.inc
+++ b/core/includes/common.inc
@@ -1827,6 +1827,9 @@ function drupal_clean_css_identifier($identifier, $filter = array(' ' => '-', '_
   // We strip out any character not in the above list.
   $identifier = preg_replace('/[^\x{002D}\x{0030}-\x{0039}\x{0041}-\x{005A}\x{005F}\x{0061}-\x{007A}\x{00A1}-\x{FFFF}]/u', '', $identifier);
 
+  // Identifiers cannot start with a digit, two hyphens, or a hyphen followed by a digit.
+  $identifier = preg_replace(array('/^[0-9]/', '/^(-[0-9])|^(--)/'), array('_', '__') , $identifier);
+
   return $identifier;
 }
 
diff --git a/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php b/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php
index 73cd1368c7e..ec9bbb486d8 100644
--- a/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php
+++ b/core/modules/system/lib/Drupal/system/Tests/Common/HtmlIdentifierUnitTest.php
@@ -52,6 +52,16 @@ class HtmlIdentifierUnitTest extends UnitTestBase {
     // Verify that double underscores are not stripped from the identifier.
     $identifier = 'css__identifier__with__double__underscores';
     $this->assertIdentical(drupal_clean_css_identifier($identifier), $identifier, 'Verify double underscores pass through.');
+
+    // Verify that an identifier starting with a digit is replaced.
+    $this->assertIdentical(drupal_clean_css_identifier('1cssidentifier', array()), '_cssidentifier', 'Verify identifier starting with a digit is replaced.');
+
+    // Verify that an identifier starting with a hyphen followed by a digit is
+    // replaced.
+    $this->assertIdentical(drupal_clean_css_identifier('-1cssidentifier', array()), '__cssidentifier', 'Verify identifier starting with a hyphen followed by a digit is replaced.');
+
+    // Verify that an identifier starting with two hyphens is replaced.
+    $this->assertIdentical(drupal_clean_css_identifier('--cssidentifier', array()), '__cssidentifier', 'Verify identifier starting with two hyphens is replaced.');
   }
 
   /**