SearchConf: fix XSS vulnerability

Search configuration page allows for XSS injection attack. Related to #774
thirtybees · Aug 6, 2020 · 9234fa8 · 9234fa8
1 parent bd84c2f
commit 9234fa8
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/controllers/admin/AdminSearchConfController.php b/controllers/admin/AdminSearchConfController.php
@@ -397,6 +397,8 @@ public function renderForm()
      *
      * @return void
      *
+     * @throws PrestaShopDatabaseException
+     * @throws PrestaShopException
      * @since 1.0.0
      */
     public function processSave()
@@ -408,11 +410,11 @@ public function processSave()
             $this->errors[] = $this->l('Aliases and results are both required.');
         }
         if (!Validate::isValidSearch($search)) {
-            $this->errors[] = $search.' '.$this->l('Is not a valid result');
+            $this->errors[] = Tools::safeOutput($search) . ' ' . $this->l('Is not a valid result');
         }
         foreach ($aliases as $alias) {
             if (!Validate::isValidSearch($alias)) {
-                $this->errors[] = $alias.' '.$this->l('Is not a valid alias');
+                $this->errors[] = Tools::safeOutput($alias) . ' ' . $this->l('Is not a valid alias');
             }
         }