Merge branch 'hotline#86891_vulnerabilites_bokeh' into 'hotline'

hotline #86891: XSS vulnerabilities in search queries See merge request !3104

Merge branch 'hotline#86891_vulnerabilites_bokeh' into 'hotline'
hotline #86891: XSS vulnerabilities in search queries See merge request !3104
c3c63298 · Laurent · c64ac9f0 · 5bc04964 · c3c63298 · c3c63298
Commit c3c63298 authored 5 years ago by Laurent
--- a/VERSIONS_HOTLINE/86891
+++ b/VERSIONS_HOTLINE/86891
+ - ticket #86891 : Correction de faille de sécurité sur le moteur de recherche
\ No newline at end of file
--- a/library/Class/CriteresRecherche/Validator.php
+++ b/library/Class/CriteresRecherche/Validator.php
@@ -102,7 +102,7 @@ class Class_CriteresRecherche_ValidatorInArray {


  public function isValid($key, $params) {
-    return in_array($params[$key], $this->_possibles);
+    return is_numeric($params[$key]) && in_array($params[$key], $this->_possibles);
  }
 }


--- a/tests/scenarios/Security/SearchTest.php
+++ b/tests/scenarios/Security/SearchTest.php
@@ -115,4 +115,13 @@ class Security_SearchTest extends AbstractControllerTestCase {
    $this->dispatch('/recherche/simple?' . http_build_query(['expressionRecherche' => '1 <script>_q_q=random()</script>']));
    $this->assertNotContains('1 <script>_q_q=random()</script>', $this->_response->getBody());
  }
+
+
+  /** @test */
+  public function mysqlShouldNotCrashOnInvalidSectionId() {
+    $this->fixture('Class_CodifSection',
+                   ['id' => 1,
+                    'libelle' => 'adultes']);
+    $this->dispatch('/recherche/simple?section=1\'');
+  }
 }