validate search text is printable (#2174)

shopsys · Jan 13, 2021 · 2bdd245 · 2bdd245
1 parent 50d73ce
commit 2bdd245
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 2 deletions.
diff --git a/src/Controller/Front/ProductController.php b/src/Controller/Front/ProductController.php
@@ -6,6 +6,7 @@
 
 use App\Form\Front\Product\ProductFilterFormType;
 use Shopsys\FrameworkBundle\Component\Domain\Domain;
+use Shopsys\FrameworkBundle\Component\String\TransformString;
 use Shopsys\FrameworkBundle\Model\Category\Category;
 use Shopsys\FrameworkBundle\Model\Category\CategoryFacade;
 use Shopsys\FrameworkBundle\Model\Module\ModuleFacade;
@@ -26,6 +27,7 @@
 class ProductController extends FrontBaseController
 {
     public const SEARCH_TEXT_PARAMETER = 'q';
+    private const SEARCH_TEXT_DEFAULT_VALUE = '';
     public const PAGE_QUERY_PARAMETER = 'page';
     public const PRODUCTS_PER_PAGE = 12;
 
@@ -259,7 +261,9 @@ public function listByBrandAction(Request $request, $id)
      */
     public function searchAction(Request $request)
     {
-        $searchText = $request->query->get(self::SEARCH_TEXT_PARAMETER, '');
+        $searchText = TransformString::replaceInvalidUtf8CharactersByQuestionMark(
+            (string)$request->query->get(self::SEARCH_TEXT_PARAMETER, self::SEARCH_TEXT_DEFAULT_VALUE)
+        );
 
         $requestPage = $request->get(self::PAGE_QUERY_PARAMETER);
         if (!$this->isRequestPageValid($requestPage)) {

diff --git a/src/Controller/Front/SearchController.php b/src/Controller/Front/SearchController.php
@@ -4,6 +4,7 @@
 
 namespace App\Controller\Front;
 
+use Shopsys\FrameworkBundle\Component\String\TransformString;
 use Shopsys\FrameworkBundle\Model\Category\CategoryFacade;
 use Shopsys\FrameworkBundle\Model\Product\ProductOnCurrentDomainFacadeInterface;
 use Symfony\Component\HttpFoundation\Request;
@@ -64,7 +65,9 @@ public function autocompleteAction(Request $request)
      */
     public function boxAction(Request $request)
     {
-        $searchText = $request->query->get(ProductController::SEARCH_TEXT_PARAMETER);
+        $searchText = TransformString::replaceInvalidUtf8CharactersByQuestionMark(
+            (string)$request->query->get(ProductController::SEARCH_TEXT_PARAMETER)
+        );
 
         return $this->render('Front/Content/Search/searchBox.html.twig', [
             'searchText' => $searchText,