From 11e00c362fa4e476ecbeaa40f7976244b3c459f2 Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Wed, 12 Aug 2020 16:31:51 +0200
Subject: [PATCH] Sanitize request input before passing it to expression language evaluator

---
 src/Bundle/Controller/ParametersParser.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Bundle/Controller/ParametersParser.php b/src/Bundle/Controller/ParametersParser.php
index 5804a2f51..c6aca06f8 100644
--- a/src/Bundle/Controller/ParametersParser.php
+++ b/src/Bundle/Controller/ParametersParser.php
@@ -80,7 +80,7 @@ private function parseRequestValueExpression(string $expression, Request $reques
 ));
 }
- return is_string($variable) ? sprintf('"%s"', $variable) : $variable;
+ return is_string($variable) ? sprintf('"%s"', addslashes($variable)) : $variable;
 }, $expression);
 return $this->expression->evaluate($expression, ['container' => $this->container]);
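Review bot: The `+` line still splices request input into the expression source text, so its safety now rests on `addslashes()` escaping exactly what the ExpressionLanguage lexer treats as special inside a double-quoted literal (`"` and `\`), rather than on the value never being tokenised at all; a more robust shape is to substitute a generated variable name in the callback and hand the raw value to `$this->expression->evaluate()` through its second argument on the last hunk line, alongside `'container'`, so untrusted data is only ever a value, never code. If the escaping approach is kept, the line deserves a comment stating the invariant it relies on, e.g. `// Escape " and \ so request input cannot terminate the quoted literal the lexer sees`, plus a regression test feeding a value that contains both characters. The non-string branch is untouched: `$variable` is returned raw and stringified by the enclosing replace callback (the closing `}, $expression);` suggests `preg_replace_callback`), so `false`/`null` presumably collapse to an empty token and an array to `"Array"` with a notice, which is worth a type guard. parseRequestValueExpression starts before this hunk.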