From f8973465227c1bc7c21d9b5f1ebbac08704aca79 Mon Sep 17 00:00:00 2001
From: Kamil Kokot
Date: Fri, 14 Aug 2020 13:10:43 +0200
Subject: [PATCH] Sanitize request input before passing it to expression language evaluator

---
 src/Bundle/Grid/Parser/OptionsParser.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Bundle/Grid/Parser/OptionsParser.php b/src/Bundle/Grid/Parser/OptionsParser.php
index 9c9f8b7f9..44f3d0528 100644
--- a/src/Bundle/Grid/Parser/OptionsParser.php
+++ b/src/Bundle/Grid/Parser/OptionsParser.php
@@ -79,7 +79,7 @@ private function parseOptionExpression(string $expression, Request $request)
         $expression = (string) preg_replace_callback('/\$(\w+)/', function (array $matches) use ($request) {
             $variable = $request->get($matches[1]);
 
-            return is_string($variable) ? sprintf('"%s"', $variable) : $variable;
+            return is_string($variable) ? sprintf('"%s"', addslashes($variable)) : $variable;
         }, $expression);
 
         return $this->expression->evaluate($expression, ['container' => $this->container]);
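Review bot: The `+` line still splices the request value into the expression source text, and only the string branch is escaped; a non-string value (null for a missing parameter, a bool, an array) is returned raw by the same callback, so a missing `$param` leaves an empty hole in the expression and a bool becomes `1` or nothing. Passing request values through the second argument of `evaluate()` removes the need to escape at all, because the expression language then treats them as bound values rather than as source. As far as I recall, Symfony's lexer un-escapes double-quoted literals with stripcslashes, which `addslashes` does pair with for `"` and `\`, so the committed fix is probably sound but remains fragile and coupled to lexer details; a prefixed variable name also keeps a `$container` placeholder from shadowing the `container` value. The remainder of parseOptionExpression lies outside the hunk.
```php
$values = ['container' => $this->container];
$expression = (string) preg_replace_callback('/\$(\w+)/', static function (array $matches) use ($request, &$values): string {
    // bind the request value under a prefixed name so it never collides with 'container'
    $name = 'request_' . $matches[1];
    $values[$name] = $request->get($matches[1]);

    return $name;
}, $expression);

return $this->expression->evaluate($expression, $values);
```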