Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-rpg3-f23r-jmqv
Escape alias and search for safe output
  • Loading branch information
PierreRambaud committed Apr 15, 2020
2 parents c464518 + 9bc07ae commit d3bf027
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions controllers/admin/AdminSearchConfController.php
Expand Up @@ -391,11 +391,11 @@ public function processSave()
$this->errors[] = $this->trans('Aliases and results are both required.', array(), 'Admin.Shopparameters.Notification');
}
if (!Validate::isValidSearch($search)) {
$this->errors[] = $search . ' ' . $this->trans('Is not a valid result', array(), 'Admin.Shopparameters.Notification');
$this->errors[] = Tools::safeOutput($search) . ' ' . $this->trans('Is not a valid result', array(), 'Admin.Shopparameters.Notification');
}
foreach ($aliases as $alias) {
if (!Validate::isValidSearch($alias)) {
$this->errors[] = $alias . ' ' . $this->trans('Is not a valid alias', array(), 'Admin.Shopparameters.Notification');
$this->errors[] = Tools::safeOutput($alias) . ' ' . $this->trans('Is not a valid alias', array(), 'Admin.Shopparameters.Notification');
}
}

Expand Down

0 comments on commit d3bf027

Please sign in to comment.