
Fix Xss in the segment name (#490)
* Fix XSS in the segment name

* Apply php-cs-fixer changes

* Fix PHP stan

---------

Co-authored-by: aryaantony92 <aryaantony92@users.noreply.github.com>
aryaantony92 and aryaantony92 committed Jul 26, 2023
1 parent 465d227 commit 72f45dd
Showing 2 changed files with 3 additions and 2 deletions.
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -24,7 +24,7 @@
"pear/archive_tar": "^1.4.3",
"pimcore/number-sequence-generator": "^1.0.5",
"pimcore/object-merger": "^3.0",
"pimcore/pimcore": "^10.5",
"pimcore/pimcore": "^10.5.21",
"pimcore/search-query-parser": "^1.3",
"symfony/asset": "^5.3",
"symfony/config": "^5.3",
3 changes: 2 additions & 1 deletion src/View/Formatter/DefaultViewFormatter.php
Expand Up @@ -19,6 +19,7 @@
use CustomerManagementFrameworkBundle\Model\CustomerSegmentInterface;
use Pimcore\Model\DataObject\ClassDefinition;
use Pimcore\Model\DataObject\ClassDefinition\Data;
use Pimcore\Security\SecurityHelper;
use Symfony\Contracts\Translation\TranslatorInterface;

class DefaultViewFormatter implements ViewFormatterInterface
Expand Down Expand Up @@ -176,7 +177,7 @@ public function getLocale()
*/
protected function formatSegmentValue(CustomerSegmentInterface $segment)
{
return sprintf('<span class="label label-default">%s</span>', $segment->getName());
return sprintf('<span class="label label-default">%s</span>', SecurityHelper::convertHtmlSpecialChars($segment->getName()));
}

protected function getLanguageFromLocale($locale)
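Review bot: The markup returned by the new `formatSegmentValue` line is only safe if callers output it unescaped, yet the method's docblock (which opens above the hunk, only its closing `*/` is visible) says nothing about the return value already being HTML-escaped, so a caller that escapes again would double-encode and one that builds a larger fragment might assume it still needs escaping; add `@return string HTML fragment; the segment name is already escaped here, callers must not escape it again`. `getName()` may presumably return null — if `SecurityHelper::convertHtmlSpecialChars` accepts and returns a nullable string, sprintf will render an empty label, which looks acceptable but deserves a test case alongside one asserting that a name containing `<`, `"` and `&` comes back encoded. The composer bump to `^10.5.21` in the first file is what makes `SecurityHelper` available, so the two hunks depend on each other and should not be split when cherry-picking. If other methods in this class build markup by sprintf-ing object-supplied strings the same way, they would need the same treatment, since only this one call site is changed here.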
