From bbb4abaa427a474c45b2a7549c17383d15a3b590 Mon Sep 17 00:00:00 2001
From: Max Frerichs
Date: Tue, 21 May 2024 14:23:48 +0200
Subject: [PATCH] [BUGFIX] sanitize searchString to prevent XSS attacks.

---
 Classes/Controller/SearchController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Classes/Controller/SearchController.php b/Classes/Controller/SearchController.php
index 20df0e9..23b2a42 100644
--- a/Classes/Controller/SearchController.php
+++ b/Classes/Controller/SearchController.php
@@ -14,7 +14,7 @@ class SearchController extends ActionController
 {
 public function searchAction()
 {
- $searchString = $this->request->getQueryParams()[($this->settings['parameters']['search'] ?? 'q')];
+ $searchString = htmlspecialchars(strip_tags($this->request->getQueryParams()[($this->settings['parameters']['search'] ?? 'q')]), ENT_QUOTES, 'UTF-8');
 $currentPage = $this->request->getQueryParams()[($this->settings['parameters']['page'] ?? 'p')];
 $currentPage = max(1, $currentPage ? (int)$currentPage : 1);
 $category = $this->request->getQueryParams()[($this->settings['parameters']['category'] ?? 'c')];
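Review bot: Escaping the search term at the input boundary (the `htmlspecialchars(strip_tags(...))` on the `+` line) alters what gets searched rather than fixing the output path: a query like `a & b` or `"foo"` reaches the search backend as `a &amp; b` / `&quot;foo&quot;`, and if the view escapes on output as Fluid does by default, the echoed term is shown double-encoded, while any template that disables escaping is still unprotected for other values. The absent-parameter and wrong-type cases are also untouched: when the key is missing the array access yields null with an undefined-key warning, `strip_tags(null)` is deprecated since PHP 8.1, and an array value (`?q[]=x`) raises a TypeError before any escaping happens. I would keep the raw string here, coerce it defensively, and move the escaping to the line that emits HTML: `$searchString = (string)($this->request->getQueryParams()[$this->settings['parameters']['search'] ?? 'q'] ?? '');` — if the XSS was reachable, the template presumably renders the term with escaping turned off, and that is the line to change. searchAction continues outside the hunk, and the `$currentPage` and `$category` reads on the following context lines have the same undefined-key and array-value problems.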