SearchConf: fix XSS vulnerability
The search configuration page allows an XSS injection attack.

Related to thirtybees#774
getdatakick authored and eschiendorfer committed Mar 23, 2022
1 parent 6dc9966 commit 3b87eb9
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions controllers/admin/AdminSearchConfController.php
Expand Up @@ -397,6 +397,8 @@ public function renderForm()
*
* @return void
*
* @throws PrestaShopDatabaseException
* @throws PrestaShopException
* @since 1.0.0
*/
public function processSave()
Expand All @@ -408,11 +410,11 @@ public function processSave()
$this->errors[] = $this->l('Aliases and results are both required.');
}
if (!Validate::isValidSearch($search)) {
$this->errors[] = $search.' '.$this->l('Is not a valid result');
$this->errors[] = Tools::safeOutput($search) . ' ' . $this->l('Is not a valid result');
}
foreach ($aliases as $alias) {
if (!Validate::isValidSearch($alias)) {
$this->errors[] = $alias.' '.$this->l('Is not a valid alias');
$this->errors[] = Tools::safeOutput($alias) . ' ' . $this->l('Is not a valid alias');
}
}
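Review bot: The escaping on the two changed lines (`Tools::safeOutput($search)` and `Tools::safeOutput($alias)`) is applied where the error message is built rather than where `$this->errors` is rendered, so any other `$this->errors[]` assignment in this controller or its parent that embeds raw request data stays exploitable in the same way; consider auditing those assignments or escaping at the render site so the protection does not depend on every call site remembering it. The calls are the right choice for an HTML context provided `Tools::safeOutput()` HTML-encodes its argument; in upstream PrestaShop the default mode also runs `strip_tags()` first, so the echoed value may not match what the user typed exactly — acceptable for an error message, but worth a short comment such as `// escaped: admin error messages are rendered as HTML`. processSave() continues past the hunk and the origin of `$search` and `$aliases` is outside it, so whether these values are also written back into the re-displayed form without escaping cannot be checked here.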

