From 6e364a0ab992add2d358796156f85b7bd967db20 Mon Sep 17 00:00:00 2001
From: Eric Espie
Date: Tue, 18 Jun 2024 16:00:08 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B07514=20-=20hardening=20code?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sources/Form/Validator/MultipleChoicesValidator.php | 3 ++-
 sources/Form/Validator/SelectObjectValidator.php | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/sources/Form/Validator/MultipleChoicesValidator.php b/sources/Form/Validator/MultipleChoicesValidator.php
index 33113f1f9..1c34eb6cc 100644
--- a/sources/Form/Validator/MultipleChoicesValidator.php
+++ b/sources/Form/Validator/MultipleChoicesValidator.php
@@ -53,7 +53,8 @@ class MultipleChoicesValidator extends AbstractValidator
 private function CheckValueAgainstChoices(string $sValue, array &$aErrorMessages): void
 {
 if (false === array_key_exists($sValue, $this->aChoices)) {
- $aErrorMessages[] = "Value ({$sValue}) is not part of the field possible values list";
+ $sValue = utils::HtmlEntities($sValue);
+ $aErrorMessages[] = "Value ({$sValue}) is not part of the field possible values list";
 }
 }
 }
\ No newline at end of file
diff --git a/sources/Form/Validator/SelectObjectValidator.php b/sources/Form/Validator/SelectObjectValidator.php
index a4d0c69cd..3794a353e 100644
--- a/sources/Form/Validator/SelectObjectValidator.php
+++ b/sources/Form/Validator/SelectObjectValidator.php
@@ -37,6 +37,7 @@ class SelectObjectValidator extends AbstractValidator
 $iObjectsCount = $oSetForExistingCurrentValue->CountWithLimit(1);
 if ($iObjectsCount === 0) {
+ $value = utils::HtmlEntities($value);
 return ["Value $value does not match the corresponding filter set"];
 }
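Review bot: In `CheckValueAgainstChoices` the value is HTML-encoded when the message is built, so the message is safe only because this validator remembers to encode; the SelectObjectValidator hunk makes the same choice, and neither hunk tells a caller that the returned strings are already encoded. A renderer that encodes again will double-encode, and a non-HTML consumer (log, JSON response) will see entities, so state the contract next to the assignment, e.g. `// message is returned HTML-encoded: render as-is, do not encode again`, or encode once where the messages are rendered. Keeping the raw value intact also helps: `$sSafeValue = utils::HtmlEntities($sValue);` and interpolate `{$sSafeValue}` instead of overwriting the parameter. Neither file section adds an import for `utils`; if these files are namespaced, confirm `use utils;` is already present, otherwise the call fails only on this rejection path.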
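Review bot: `$value` has no visible type at the added line in SelectObjectValidator, and before this change it was only interpolated into the string, which accepts integers and null as well as strings. If `utils::HtmlEntities` declares a string parameter and the file runs with strict types, a non-string value would now raise a TypeError on the rejection path instead of returning the validation error; this is inferred, since neither the helper nor the method signature is in the hunk. Casting at the call keeps the earlier behaviour: `$sSafeValue = utils::HtmlEntities((string) $value);` followed by `return ["Value $sSafeValue does not match the corresponding filter set"];`. The enclosing method starts and ends outside the hunk.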