Fixed stored XSS vulnerability in BOM Validation Service

Jan Böhmer 2026-06-14 11:55:16 +02:00
parent 8421636b1c
commit c9dd27712c
2 changed files with 11 additions and 11 deletions


@ -29,13 +29,13 @@ use Symfony\Contracts\Translation\TranslatorInterface;
/** /**
* Service for validating BOM import data with comprehensive validation rules * Service for validating BOM import data with comprehensive validation rules
* and user-friendly error messages. * and user-friendly error messages. The results are not HTML safe, and must be escaped before display!
*/ */
class BOMValidationService readonly class BOMValidationService
{ {
public function __construct( public function __construct(
private readonly EntityManagerInterface $entityManager, private EntityManagerInterface $entityManager,
private readonly TranslatorInterface $translator private TranslatorInterface $translator
) { ) {
} }
@ -473,4 +473,4 @@ class BOMValidationService
: 0, : 0,
]; ];
} }
} }
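Review bot: The new class docblock is the only place the "not HTML safe" contract is stated, and a caller reading one of the methods that build the error/warning/info arrays (their definitions are outside this hunk) will not see it; the warning belongs on those methods too, e.g. `@return list<string> plain-text messages that presumably interpolate user-supplied BOM field values — caller MUST HTML-escape them`. The switch to `readonly class` with the per-property `readonly` removed is an unrelated refactor that also raises the PHP floor to 8.2; bundling it into a security fix makes the fix harder to backport, so consider landing it as its own commit. The second hunk (`-473,4 +473,4`) shows only unchanged context, so whatever changed there (likely end-of-file whitespace) is not reviewable here.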


@ -68,7 +68,7 @@
<p class="mb-2">{% trans %}project.bom_import.validation.errors.description{% endtrans %}</p> <p class="mb-2">{% trans %}project.bom_import.validation.errors.description{% endtrans %}</p>
<ul class="mb-0"> <ul class="mb-0">
{% for error in validation_result.errors %} {% for error in validation_result.errors %}
<li>{{ error|raw }}</li> <li>{{ error }}</li>
{% endfor %} {% endfor %}
</ul> </ul>
</div> </div>
@ -80,7 +80,7 @@
<p class="mb-2">{% trans %}project.bom_import.validation.warnings.description{% endtrans %}</p> <p class="mb-2">{% trans %}project.bom_import.validation.warnings.description{% endtrans %}</p>
<ul class="mb-0"> <ul class="mb-0">
{% for warning in validation_result.warnings %} {% for warning in validation_result.warnings %}
<li>{{ warning|raw }}</li> <li>{{ warning }}</li>
{% endfor %} {% endfor %}
</ul> </ul>
</div> </div>
@ -91,7 +91,7 @@
<h4><i class="fa-solid fa-info-circle fa-fw"></i> {% trans %}project.bom_import.validation.info.title{% endtrans %}</h4> <h4><i class="fa-solid fa-info-circle fa-fw"></i> {% trans %}project.bom_import.validation.info.title{% endtrans %}</h4>
<ul class="mb-0"> <ul class="mb-0">
{% for info in validation_result.info %} {% for info in validation_result.info %}
<li>{{ info|raw }}</li> <li>{{ info }}</li>
{% endfor %} {% endfor %}
</ul> </ul>
</div> </div>
@ -139,21 +139,21 @@
{% if line_result.errors is not empty %} {% if line_result.errors is not empty %}
<div class="text-danger"> <div class="text-danger">
{% for error in line_result.errors %} {% for error in line_result.errors %}
<div><i class="fa-solid fa-exclamation-triangle fa-fw"></i> {{ error|raw }}</div> <div><i class="fa-solid fa-exclamation-triangle fa-fw"></i> {{ error }}</div>
{% endfor %} {% endfor %}
</div> </div>
{% endif %} {% endif %}
{% if line_result.warnings is not empty %} {% if line_result.warnings is not empty %}
<div class="text-warning"> <div class="text-warning">
{% for warning in line_result.warnings %} {% for warning in line_result.warnings %}
<div><i class="fa-solid fa-exclamation-circle fa-fw"></i> {{ warning|raw }}</div> <div><i class="fa-solid fa-exclamation-circle fa-fw"></i> {{ warning }}</div>
{% endfor %} {% endfor %}
</div> </div>
{% endif %} {% endif %}
{% if line_result.info is not empty %} {% if line_result.info is not empty %}
<div class="text-info"> <div class="text-info">
{% for info in line_result.info %} {% for info in line_result.info %}
<div><i class="fa-solid fa-info-circle fa-fw"></i> {{ info|raw }}</div> <div><i class="fa-solid fa-info-circle fa-fw"></i> {{ info }}</div>
{% endfor %} {% endfor %}
</div> </div>
{% endif %} {% endif %}
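Review bot: Dropping `|raw` on `error`, `warning` and `info` only closes the XSS if Twig autoescaping is active for this template; that is the Symfony default for `.html.twig`, but no `{% autoescape %}` context is visible in the hunk, so confirm none of the enclosing blocks disables it. Since `|raw` was presumably added because some messages carried markup, any translation string under `project.bom_import.validation.*` that includes tags will now render them as literal text; if formatting is needed, keep the markup in the template and pass the untrusted values as separate escaped fields rather than reintroducing `|raw`. A regression test that imports a BOM line containing `<script>` and asserts the rendered page contains `&lt;script&gt;` would pin this fix. The surrounding loop and table markup continue outside the hunk.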