From cbb4281a37c234bbc76b9c1986f20b525b633612 Mon Sep 17 00:00:00 2001
From: jf-cbd
Date: Fri, 29 Nov 2024 16:40:34 +0100
Subject: [PATCH] =?UTF-8?q?N=C2=B07980=20-=20security=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sources/Service/Import/CSVImportPageProcessor.php | 1 +
 tests/php-unit-tests/unitary-tests/core/BulkChangeTest.php | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/sources/Service/Import/CSVImportPageProcessor.php b/sources/Service/Import/CSVImportPageProcessor.php
index 5ad42ef5c..688f60941 100644
--- a/sources/Service/Import/CSVImportPageProcessor.php
+++ b/sources/Service/Import/CSVImportPageProcessor.php
@@ -592,6 +592,7 @@ EOF
 */
 private static function GetDivAlert(string $message): string
 {
+ $message = utils::EscapeHtml($message);
 return "
$message
\n";
 }
diff --git a/tests/php-unit-tests/unitary-tests/core/BulkChangeTest.php b/tests/php-unit-tests/unitary-tests/core/BulkChangeTest.php
index 7ca006bfa..7d401b63d 100644
--- a/tests/php-unit-tests/unitary-tests/core/BulkChangeTest.php
+++ b/tests/php-unit-tests/unitary-tests/core/BulkChangeTest.php
@@ -101,13 +101,14 @@ class BulkChangeTest extends ItopDataTestCase
 //$this->debug("sStatus:".$sStatus->GetDescription());
 $this->assertEquals($aResult["__STATUS__"], $sStatus->GetDescription());
 foreach ($aRow as $i => $oCell) {
+ /** @var $oCell \CellChangeSpec */
 if ($i !== "finalclass" && $i !== "__STATUS__" && $i !== "__ERRORS__" && array_key_exists($i, $aResult)) {
 $this->debug("i:".$i);
 $this->debug('GetCLIValue:'.$oCell->GetCLIValue());
 $this->debug("aResult:".$aResult[$i]);
- $this->assertEquals($aResult[$i], $oCell->GetCLIValue());
+ $this->assertEquals($aResult[$i], $oCell->GetCLIValue(), "Unexpected CLI result for cell " . $i);
 if (null !== $aResultHTML) {
- $this->assertEquals($aResultHTML[$i], $oCell->GetHTMLValue());
+ $this->assertEquals($aResultHTML[$i], $oCell->GetHTMLValue(), "Unexpected HTML result for cell " . $i);
 }
 }
 }
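Review bot: The docblock above `GetDivAlert` (it opens outside this hunk) should now state that `$message` is treated as plain text. With the added `utils::EscapeHtml($message)`, any caller that already escapes its text or passes markup on purpose will have entities or tags rendered literally; the callers are not visible here, so they need checking. A line such as `@param string $message Plain text; HTML-escaped here before insertion into the alert markup, do not pre-escape` would record the contract. The patch also shows no regression test for the escape: the only test file touched, BulkChangeTest.php, gains assertion messages and an annotation, so a case that passes a message containing markup and asserts the escaped output would keep this hardening from being undone silently.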
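Review bot: The added annotation `/** @var $oCell \CellChangeSpec */` puts the variable name before the type, the reverse of the PHPDoc order. Writing it as `/** @var \CellChangeSpec $oCell */` is the form that static analysers and IDE inspections parse consistently. The `foreach` sits inside a test method whose signature is outside this hunk, so whether `$aRow` is already typed there cannot be seen from here.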