
    catalog search xss vulnerability

    This topic contains 2 replies, has 1 voice, and was last updated by  Bart 3 years, 12 months ago.

    • #5518

      Anonymous

      Does anyone know a solution to the catalog search cross-site scripting (xss) vulnerability?

      Editing the breadcrumbs.phtml file as discussed in http://blog.nexcess.net/2011/04/02/magento-catalogsearch-xss-on-some-themes/ does not help.

      #5519

      Anonymous

      The problem lies in: /app/code/core/Mage/CatalogSearch/Helper/Data.php

      Line 143,

      /**
       * Retrieve HTML escaped search query
       *
       * @return string
       */
      public function getEscapedQueryText()
      {
          return $this->htmlEscape($this->getQueryText());
      }

      This will only escape < > and ".

      It would be nice to allow only a-z, A-Z and numbers.

      #19361

      Bart

      Try this:

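      /**
       * Retrieve HTML escaped search query
       *
       * @return string|false false when the query contains anything
       *                      other than letters, digits, spaces or hyphens
       */
      public function getEscapedQueryText()
      {
          // Read the query once; the allow-list check runs on the raw text.
          $queryText = $this->getQueryText();
          if (!preg_match("/^[a-z A-Z 0-9 -]+$/", $queryText)) {
              return false;
          }
          return $this->htmlEscape($queryText);
      }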
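
An added example (not code from the thread or from Magento core) that combines the two ideas in the posts above, an allow-list check on the search query and HTML escaping on output, as standalone PHP. The function names, the 128-byte limit and the sample queries are assumptions; the allow-list is widened from a-z, A-Z and 0-9 to Unicode letters and digits so that non-English searches still work.

```php
<?php
// Added example, not Magento core code. Function names and the
// 128-byte limit are assumptions made for illustration.

/**
 * Return the search query if it passes the allow-list, otherwise ''.
 * Returning '' instead of false keeps a "@return string" contract.
 */
function filterQueryText(string $raw, int $maxBytes = 128): string
{
    $q = trim($raw);
    // Unicode letters, digits, spaces and hyphens only. With the u flag
    // preg_match returns false on invalid UTF-8, which is rejected too.
    if ($q === '' || strlen($q) > $maxBytes
        || preg_match('/^[\p{L}\p{N} \-]+$/u', $q) !== 1) {
        return '';
    }
    return $q;
}

/**
 * Escape for HTML output, including attribute values. ENT_QUOTES also
 * encodes the single quote, which ENT_COMPAT leaves untouched;
 * ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
 */
function escapeForHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample queries.
$samples = [
    'red shoes',
    'Schuhe größe 42',
    'it\'s "red" <b>shoes</b>',
    "shoes\xC3\x28",   // invalid UTF-8 byte sequence
];

foreach ($samples as $raw) {
    $filtered = filterQueryText($raw);
    printf(
        "%-9s filtered=[%s] escaped-raw=[%s]\n",
        $filtered === '' ? 'REJECTED' : 'accepted',
        $filtered,
        escapeForHtml($raw)
    );
}
```

The filter decides whether a search runs at all, while the escape step is what makes the text safe to print, so a template should still escape the value even after it has passed the filter.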
