Merge pull request from GHSA-95hx-62rh-gg96
Do not unescape form message data
PierreRambaud committed Sep 15, 2020
2 parents a883e56 + aa3c779 commit ecd9f5d
Showing 1 changed file with 9 additions and 8 deletions.
17 changes: 9 additions & 8 deletions contactform.php
Expand Up @@ -317,7 +317,7 @@ public function getWidgetVariables($hookName = null, array $configuration = [])
}
}
$this->contact['contacts'] = $this->getTemplateVarContact();
$this->contact['message'] = html_entity_decode(Tools::getValue('message'));
$this->contact['message'] = Tools::getValue('message');
$this->contact['allow_file_upload'] = (bool) Configuration::get('PS_CUSTOMER_SERVICE_FILE_UPLOAD');

if (!(bool)Configuration::isCatalogMode()) {
Expand Down Expand Up @@ -388,9 +388,10 @@ public function getTemplateVarOrders()
{
$orders = [];

if (!isset($this->customer_thread['id_order'])
if (empty($this->customer_thread['id_order'])
&& isset($this->context->customer)
&& $this->context->customer->isLogged()) {
&& $this->context->customer->isLogged()
) {
$customer_orders = Order::getCustomerOrders($this->context->customer->id);

foreach ($customer_orders as $customer_order) {
Expand All @@ -401,7 +402,7 @@ public function getTemplateVarOrders()
$orders[$customer_order['id_order']]['products'] = $myOrder->getProducts();
}
}
} elseif (isset($this->customer_thread['id_order']) && (int)$this->customer_thread['id_order'] > 0) {
} elseif (isset($this->customer_thread['id_order']) && (int) $this->customer_thread['id_order'] > 0) {
$myOrder = new Order($this->customer_thread['id_order']);

if (Validate::isLoadedObject($myOrder)) {
Expand All @@ -411,13 +412,13 @@ public function getTemplateVarOrders()
}
}

if (isset($this->customer_thread['id_product'])) {
if (!empty($this->customer_thread['id_product'])) {
$id_order = isset($this->customer_thread['id_order']) ?
(int)$this->customer_thread['id_order'] :
(int) $this->customer_thread['id_order'] :
0;

$orders[$id_order]['products'][(int)$this->customer_thread['id_product']] = $this->context->controller->objectPresenter->present(
new Product((int)$this->customer_thread['id_product'])
new Product((int) $this->customer_thread['id_product'])
);
}

Expand Down Expand Up @@ -586,7 +587,7 @@ public function sendMessage()
'{lastname}' => '',
'{order_name}' => '-',
'{attached_file}' => '-',
'{message}' => Tools::nl2br(Tools::stripslashes($message)),
'{message}' => Tools::nl2br(Tools::htmlentitiesUTF8(Tools::stripslashes($message))),
'{email}' => $from,
'{product_name}' => '',
];
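Review bot: The new `$this->contact['message'] = Tools::getValue('message');` line hands the raw submitted value to the template, so the fix now relies entirely on output-time escaping, and nothing in the hunk records that intent for the next maintainer who might be tempted to decode it again. Suggest a one-line comment above it: `// Raw submitted value: escape at output (template / mail), never decode user input here.` The same intent is visible in the `sendMessage` hunk, where the `{message}` variable now wraps `Tools::stripslashes($message)` in `Tools::htmlentitiesUTF8` before `Tools::nl2br` — that order appears correct, since escaping after `nl2br` would neutralise the inserted `<br>` tags, and a short comment there stating that the order is deliberate would help. Both enclosing methods, `getWidgetVariables` and `sendMessage`, start and end outside their hunks, so where `$message` is populated cannot be checked from here.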
