Merge pull request from GHSA-87jh-7xpg-6v93
Escape the document.location link and always cast ids
PierreRambaud committed Apr 15, 2020
2 parents 06b7765 + 39ba79d commit 9efca62
Showing 2 changed files with 3 additions and 3 deletions.
Expand Up @@ -50,7 +50,7 @@
{if isset($params.align)} {$params.align}{/if}{/strip}"
{if (!isset($params.position) && !$no_link && !isset($params.remove_onclick))}
{if isset($tr.link) }
onclick="document.location = '{$tr.link}'">
onclick="document.location = '{$tr.link|addslashes|escape:'html':'UTF-8'}'">
{else}
onclick="document.location = '{$current_index|addslashes|escape:'html':'UTF-8'}&{$identifier|escape:'html':'UTF-8'}={$tr.$identifier|escape:'html':'UTF-8'}{if $view}&view{else}&update{/if}{$table|escape:'html':'UTF-8'}{if $page > 1}&page={$page|intval}{/if}&token={$token|escape:'html':'UTF-8'}'">
{/if}
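Review bot: `addslashes` on the new onclick line is a PHP string-literal escaper, not a JavaScript one: it leaves `\r`, `\n` and the `</` sequence untouched, so a link value containing a line terminator still breaks out of the single-quoted JS string (a syntax error rather than an injection, but the row link silently stops working). Smarty's dedicated modifier covers those cases and the quotes/backslashes as well, so the safer form is `onclick="document.location = '{$tr.link|escape:'javascript'|escape:'html':'UTF-8'}'">`; the `{else}` branch uses the same `addslashes|escape:'html'` chain, so both branches should move together if this is changed. Note also that escaping does not restrict the URL scheme: a `javascript:` value in `$tr.link` would still execute when assigned to `document.location`, so if these links can ever be built from merchant-supplied data the list helper should validate the scheme as well. The enclosing template element starts before this hunk.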
4 changes: 2 additions & 2 deletions controllers/admin/AdminFeaturesController.php
Expand Up @@ -115,7 +115,7 @@ protected function setTypeFeature()

public function renderView()
{
if (($id = Tools::getValue('id_feature'))) {
if (($id = (int) Tools::getValue('id_feature'))) {
$this->setTypeValue();
$this->list_id = 'feature_value';
$this->lang = true;
Expand Down Expand Up @@ -299,7 +299,7 @@ public function initToolbarTitle()

case 'editFeatureValue':
if (Tools::getValue('id_feature_value')) {
if (($id = Tools::getValue('id_feature'))) {
if (($id = (int) Tools::getValue('id_feature'))) {
if (Validate::isLoadedObject($obj = new Feature((int) $id))) {
$bread_extended[] = '<a href="' . Context::getContext()->link->getAdminLink('AdminFeatures') . '&id_feature=' . $id . '&viewfeature">' . $obj->name[$this->context->employee->id_lang] . '</a>';
}
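Review bot: The `(int)` cast on `$id` in the `editFeatureValue` hunk makes the inner `new Feature((int) $id)` cast on the following line redundant, and `$id` is now safe to concatenate into the breadcrumb URL, but the feature name on that same line, `$obj->name[$this->context->employee->id_lang]`, is still concatenated into the `<a>` markup unescaped, which this commit does not address. If feature names can carry markup (they appear to be editable through this admin controller, though that cannot be confirmed from the hunk), the breadcrumb should wrap it: `htmlspecialchars($obj->name[$this->context->employee->id_lang], ENT_QUOTES, 'UTF-8')`. The `Tools::getValue('id_feature_value')` read two lines above is only used as a truthiness check here, but for consistency with the commit's "always cast ids" intent it should get the same `(int)` cast if it is reused elsewhere in the case. `initToolbarTitle` starts and ends outside the hunk.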
