[MAGNOLIA-7687] Solr Plugin does not sanitize query string
Created: 19/Nov/19 Updated: 02/Apr/20
| Status: | Accepted |
| Project: | Magnolia |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Sebastian Kleine | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | maintenance |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Template: | |
| Acceptance criteria: | Empty |
| Task DoD: |
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ] Architecture Decision Record (ADR)
| Bug DoR: |
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
| Date of First Response: | |

| Description |
The default Magnolia Solr search does not sanitize user input. We could do interesting things with search terms like

...?queryStr=%3Ca+href%3D%22lol+was+geht%22%3E+spielplatz+%3C%2Fa%3E+%3Cimg+src%3D%22irgendwas%22+onerror%3D%22window.location%3D%27https%3A%2F%2Fgoogle.de%3Fq%3Dxss%27%22%3E#%22%3E%20spielplatz%20%3C/a%3E

or showing an image and trying to link something in the recommendations (Vorschläge):

...?queryStr=%3Ca+href%3D%22www.google.de%22%3E+spielplatz+%3C%2Fa%3E+%3Cimg+src%3D%22https%3A%2F%2Fwww.genobroker-info.de%2Fdam%2Fjcr%3Aa7a45853-1c0e-4327-8639-8cc257b4a80d%2F321_Raiffeisen%2520Aulendorf%2520Logo%25204c1sp.png%22

We tried to sanitize the input by using the following code in the search model:
    // StringEscapeUtils comes from Apache Commons (commons-lang3 / commons-text).
    // Overrides the search model's getter so the query string is HTML-escaped.
    @Override
    public String getQueryStr() {
        String queryString = super.getQueryStr();
        String sanitizedQueryString = StringEscapeUtils.escapeHtml4(queryString);
        return sanitizedQueryString;
    }
| Comments |
| Comment by Simon Lutz [ 21/Nov/19 ] |

Hi skleine, thanks a lot for opening this ticket and providing a suggestion. We will review your input and take next actions accordingly. Best regards,
| Comment by Sebastian Kleine [ 21/Nov/19 ] |

Hello, we realized one thing with the escapeHtml4 method. It escapes German special characters (äöüß) as well, so for these the search does not work. We need to rethink our solution. Best regards,
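The description shows a query string rendered unescaped, and the last comment shows why escaping it with escapeHtml4 before it reaches Solr breaks umlaut searches. The following is an added example, not Magnolia's or the reporter's code: a minimal escaper that touches only the five HTML-significant characters, leaving äöüß intact, plus a small holder that keeps the raw term for Solr and exposes the escaped form for templates. The class and method names are hypothetical.

```java
// Hypothetical helper, not part of Magnolia or the Solr plugin.
public final class QueryStrEscaper {
    // Replace only the characters that change meaning in HTML text and
    // attribute values. Unlike StringEscapeUtils.escapeHtml4, which also
    // turns ä ö ü ß into named entities, this leaves non-ASCII letters alone.
    public static String escapeForHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Pattern for the search model: keep the raw term for building the Solr
    // query and hand templates only the escaped form for rendering.
    public static final class SearchTerm {
        private final String raw;
        public SearchTerm(String raw) {
            this.raw = raw == null ? "" : raw;
        }
        public String forSolr() {   // unchanged, matches what Solr indexed
            return raw;
        }
        public String forHtml() {   // safe to print into the result page
            return escapeForHtml(raw);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a tag-bearing term like the ticket's, and an umlaut term.
        SearchTerm tagged = new SearchTerm("<a href=\"www.google.de\"> spielplatz </a>");
        SearchTerm umlaut = new SearchTerm("spielplatz für Kinder in Köln");
        System.out.println(tagged.forHtml());
        System.out.println(umlaut.forHtml());
    }
}
```

The escaping belongs at output time; in a FreeMarker template the `?html` built-in does the same job, while the unescaped value still goes to Solr.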