diff --git a/tools/bazar/handlers/RssHandler.php b/tools/bazar/handlers/RssHandler.php
index f71911eab..b387cf234 100755
--- a/tools/bazar/handlers/RssHandler.php
+++ b/tools/bazar/handlers/RssHandler.php
@@ -16,10 +16,13 @@ public function run()
 $urlrss = $this->wiki->href('rss');
 if (isset($_GET['id'])) {
- $id = $_GET['id'];
- $urlrss .= '&id='.$id;
+ $id = filter_input(INPUT_GET, 'id', FILTER_UNSAFE_RAW);
+ $id = ($id === false) ? "" : htmlspecialchars(strip_tags($id));
 } elseif (isset($_GET['id_typeannonce'])) {
- $id = $_GET['id_typeannonce'];
+ $id = filter_input(INPUT_GET, 'id_typeannonce', FILTER_UNSAFE_RAW);
+ $id = ($id === false) ? "" : htmlspecialchars(strip_tags($id));
+ }
+ if (!empty($id) && strval($id) == strval(intval($id))) {
 $urlrss .= '&id='.$id;
 } else {
 $id = '';
diff --git a/tools/bazar/services/EntryManager.php b/tools/bazar/services/EntryManager.php
index 5d1088a99..5af05664b 100644
--- a/tools/bazar/services/EntryManager.php
+++ b/tools/bazar/services/EntryManager.php
@@ -193,11 +193,14 @@ private function prepareSearchRequest(&$params = [], bool $filterOnReadACL = fal
 if (!empty($params['formsIds'])) {
 if (is_array($params['formsIds'])) {
 $requete .= ' AND (' . join(' OR ', array_map(function ($formId) {
- return 'body LIKE \'%"id_typeannonce":"' . $formId . '"%\'';
- }, $params['formsIds'])).') ';
- } else {
+ return 'body LIKE \'%"id_typeannonce":"' . $this->dbService->escape(strval($formId)) . '"%\'';
+ }, array_filter(
+ $params['formsIds'],
+ 'is_scalar'
+ ))).') ';
+ } elseif (is_scalar($params['formsIds'])) {
 // on a une chaine de caractere pour l'id plutot qu'un tableau
- $requete .= ' AND body LIKE \'%"id_typeannonce":"' . $params['formsIds'] . '"%\'';
+ $requete .= ' AND body LIKE \'%"id_typeannonce":"' . $this->dbService->escape(strval($params['formsIds'])) . '"%\'';
 }
 }
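Review bot: The guard `strval($id) == strval(intval($id))` on the new `if` line is a loose comparison between two strings, which PHP evaluates numerically when both look numeric, so inputs such as `1e1` or ` 5` pass the "is an integer" check and reach `$urlrss .= '&id='.$id` unchanged; `if (!empty($id) && strval($id) === strval(intval($id))) {` closes that gap. Note also that `htmlspecialchars(strip_tags(...))` is HTML-context escaping applied to a value that ends up in a URL; since the integer check is what actually constrains the value, `filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT)` would state the intent directly and make the HTML-escaping steps unnecessary. `!empty($id)` also rejects the string `"0"`, which may or may not be a valid id here; worth confirming. The body of run() continues outside the hunk.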
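Review bot: `$this->dbService->escape(...)` on the new `return` line and on the scalar branch below escapes for the SQL string literal but not for the LIKE pattern it is embedded in, so a form id containing `%` or `_` still acts as a wildcard and can widen the `id_typeannonce` match to other forms (assuming escape() wraps the driver's string-escape routine, which is not visible here). Escaping the LIKE metacharacters before the SQL escape, `$this->dbService->escape(addcslashes(strval($formId), '%_'))`, makes the id match literally. Separately, when `array_filter(..., 'is_scalar')` removes every element (for example a nested array) the array branch emits `AND () `, which is a SQL syntax error; filtering first and skipping the clause when nothing is left avoids it. prepareSearchRequest() starts and ends outside the hunk.
```php
            if (is_array($params['formsIds'])) {
                $formIds = array_filter($params['formsIds'], 'is_scalar');
                if ($formIds !== []) {
                    $requete .= ' AND (' . join(' OR ', array_map(function ($formId) {
                        return 'body LIKE \'%"id_typeannonce":"' . $this->dbService->escape(addcslashes(strval($formId), '%_')) . '"%\'';
                    }, $formIds)) . ') ';
                }
            } elseif (is_scalar($params['formsIds'])) {
                // … unchanged: comment line …
                $requete .= ' AND body LIKE \'%"id_typeannonce":"' . $this->dbService->escape(addcslashes(strval($params['formsIds']), '%_')) . '"%\'';
            }
```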