Merge branch 'hotline#155488_analyse_securite_de_notre_rssi' into 'master'

hotline #155488 : fix XSS in Chili search result See merge request !4435

Merge branch 'hotline#155488_analyse_securite_de_notre_rssi' into 'master'
hotline #155488 : fix XSS in Chili search result See merge request !4435
8217462c · Patrick Barroca · 12d576c9 · 0867fc94 · 8217462c · 8217462c
Commit 8217462c authored 2 years ago by Patrick Barroca
--- a/VERSIONS_HOTLINE/155488
+++ b/VERSIONS_HOTLINE/155488
+ - correctif #155488 : Sécurité : Correction d'une faille XSS dans le résultat de recherche uniquement présente dans le thème Chili
\ No newline at end of file
--- a/library/templates/Chili/View/Search/Result.php
+++ b/library/templates/Chili/View/Search/Result.php
@@ -169,16 +169,16 @@ $(id).on('hide.bs.dropdown', function () { $('body').removeClass('overflow_hidde
  protected function _getTitle($title_from_url, $text_criteria) {
-    $title = $this->_criteria->getExpressionRecherche()
+    $title = $this->_criteria->hasExpressionRecherche()
-      ? $this->_criteria->getExpressionRecherche()
+      ? $this->view->escape(strip_tags($this->_criteria->getExpressionRecherche()))
      : strtolower($title_from_url);
    return $this->_plural($this->_search->getRecordsCount(),
                          'Aucun résultat pour la recherche : %s',
                          'Résultat pour la recherche : %s',
                          'Résultats pour la recherche : %s',
-                          $this->_tag('span', sprintf('"%s"',$title), ['class' => 'searched_word']));
+                          $this->_tag('span', sprintf('"%s"', $title),
+                                      ['class' => 'searched_word']));
  }

--- a/tests/scenarios/Security/SearchInTemplatesTest.php
+++ b/tests/scenarios/Security/SearchInTemplatesTest.php
@@ -19,18 +19,50 @@
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
 */
-require_once(__DIR__ . '/SearchTest.php');
+require_once __DIR__ . '/SearchTest.php';
+abstract class Security_SearchInTemplateTestCase extends Security_SearchTest {
+  protected string $_template_id = '';
-class Security_SearchInTemplateTest extends Security_SearchTest {
  public function setUp() {
    parent::setUp();
-    $this->_buildTemplateProfil(['id' => 12]);
+    $this->_buildTemplateProfil(['id' => 12, 'template' => $this->_template_id]);
    $this->_default_params['id_profil'] = 12;
  }
 }
+class Security_SearchInTemplateIntonationTest extends Security_SearchInTemplateTestCase {
+  protected string $_template_id = Intonation_Template::ID;
+}
+class Security_SearchInTemplateChiliTest extends Security_SearchInTemplateTestCase {
+  protected string $_template_id = Chili_Template::ID;
+}
+class Security_SearchInTemplateHerissonTest extends Security_SearchInTemplateTestCase {
+  protected string $_template_id = Herisson_Template::ID;
+}
+class Security_SearchInTemplateMuscleTest extends Security_SearchInTemplateTestCase {
+  protected string $_template_id = Muscle_Template::ID;
+}
+class Security_SearchInTemplateMyBibAppTest extends Security_SearchInTemplateTestCase {
+  protected string $_template_id = MyBibApp_Template::ID;
+}
+class Security_SearchInTemplatePolygoneTest extends Security_SearchInTemplateTestCase {
+  protected string $_template_id = Polygone_Template::ID;
+}
+class Security_SearchInTemplateTerreDuMilieuTest extends Security_SearchInTemplateTestCase {
+  protected string $_template_id = TerreDuMilieu_Template::ID;
+}
 class Security_SearchInTemplatesViewNoticeJsXssTest extends Security_SearchViewNoticeTestCase {