[BUGFIX] sanitize searchString to prevent XSS attacks.

webcoast-dk · May 21, 2024 · bbb4aba · bbb4aba
1 parent 3d707cf
commit bbb4aba
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Classes/Controller/SearchController.php b/Classes/Controller/SearchController.php
@@ -14,7 +14,7 @@ class SearchController extends ActionController
 {
     public function searchAction()
     {
-        $searchString = $this->request->getQueryParams()[($this->settings['parameters']['search'] ?? 'q')];
+        $searchString = htmlspecialchars(strip_tags($this->request->getQueryParams()[($this->settings['parameters']['search'] ?? 'q')]), ENT_QUOTES, 'UTF-8');
         $currentPage = $this->request->getQueryParams()[($this->settings['parameters']['page'] ?? 'p')];
         $currentPage = max(1, $currentPage ? (int)$currentPage : 1);
         $category = $this->request->getQueryParams()[($this->settings['parameters']['category'] ?? 'c')];