From 9879dd3edacc8c4399fef327efdabd0dfe255778 Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@easter-eggs.com>
Date: Fri, 11 Jun 2021 16:21:57 +0200
Subject: [PATCH] LSaddon SUPANN::supannParseCompositeValue(): check global
 value integrity

---
 src/includes/addons/LSaddons.supann.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/includes/addons/LSaddons.supann.php b/src/includes/addons/LSaddons.supann.php
index 7d4b99d9..4264252e 100644
--- a/src/includes/addons/LSaddons.supann.php
+++ b/src/includes/addons/LSaddons.supann.php
@@ -305,6 +305,13 @@ function supannParseLabeledValue($value) {
   * @retval array Un tableau contenant key->value ou false en cas d'erreur
   **/
 function supannParseCompositeValue($val) {
+  // Check value is valid
+  if (!preg_match('/^(\[[^=]+=[^\]\]]*\])+$/', $val)) {
+    LSlog :: get_logger('LSaddon_supann') -> warning("supannParseCompositeValue($val): invalid value");
+    return;
+  }
+
+  // Search for components value
   if (preg_match_all('/\[([^=]*)=([^\]]*)\]/',$val,$matches)) {
     $parseValue = array();
     for($i=0; $i<count($matches[0]); $i++) {