Merge branch 'hotline#13775-XSS' into 'hotline_6.43'

Hotline#13775 Xss

library/ZendAfi/View/Helper/Avis.php

@@ -120,9 +120,9 @@ class ZendAfi_View_Helper_Avis extends ZendAfi_View_Helper_BaseHelper {
 
 
 	public function contenu_avis($avis) {
-		$entete = $avis->getEntete();
+		$entete = $this->view->escape($avis->getEntete());
 		$url_avis = $this->_getUrlAvis($avis);
-		$format_text_avis = $this->_formatTextAvis($avis->getAvis());
+		$format_text_avis = $this->_formatTextAvis($this->view->escape($avis->getAvis()));
 		$text_avis = $format_text_avis['text_avis'];
 		$lire_la_suite = '';
 		if ($format_text_avis['lire_la_suite'] == true)
@@ -132,7 +132,7 @@ class ZendAfi_View_Helper_Avis extends ZendAfi_View_Helper_BaseHelper {
 
 		$date_avis = $avis->getReadableDateAvis();
 
-		$auteur = $avis->getUserName();
+		$auteur = $this->view->escape($avis->getUserName());
 		$url_auteur = $this->_url($this->_getUrlAuthor($avis));
 
 		$read_speaker_tag = $this->_getReadSpeakerTag($avis);

library/ZendAfi/View/Helper/TagTitreEtNombreDeResultats.php

@@ -30,14 +30,14 @@ class ZendAfi_View_Helper_TagTitreEtNombreDeResultats extends Zend_View_Helper_H
 																							 $nombre_resultats);
 
 		$html='<div class="info-recherche">';
-		$html.='<span>'.$plural_expression.'&nbsp;'.$expression_recherche.'</span>';
+		$html.='<span>' . $plural_expression . '&nbsp;' . $expression_recherche . '</span>';
 
 		return $html.='</div>';
 	}
 
 
 	protected function _getExpressionRecherche( $criteres_recherche ) {
-		$expression_critere_recherche =$criteres_recherche->getExpressionRecherche();
+		$expression_critere_recherche = $this->view->escape($criteres_recherche->getExpressionRecherche());
 		
 		$expression=$this->view->_('pour:&nbsp;');
 		$catalogue=$this->view->_('dans le catalogue:&nbsp;');