From 5d2e6928f33c2f79faa96c988877c02833633062 Mon Sep 17 00:00:00 2001
From: Vasilij Dusko | CREATION
Date: Mon, 29 Mar 2021 13:29:53 +0300
Subject: [PATCH] * LightSmsTransport.php - escape phone number
---
 .../Bridge/LightSms/LightSmsTransport.php | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/Symfony/Component/Notifier/Bridge/LightSms/LightSmsTransport.php b/src/Symfony/Component/Notifier/Bridge/LightSms/LightSmsTransport.php
index 61f4c8c9c1..e6fa7f946e 100644
--- a/src/Symfony/Component/Notifier/Bridge/LightSms/LightSmsTransport.php
+++ b/src/Symfony/Component/Notifier/Bridge/LightSms/LightSmsTransport.php
@@ -109,8 +109,8 @@ final class LightSmsTransport extends AbstractTransport
 $this->getEndpoint(),
 $this->login,
 $signature,
- str_replace('+', '', $message->getPhone()),
- $message->getSubject(),
+ $this->escapePhoneNumber($message->getPhone()),
+ $this->escapeSubject($message->getSubject()),
 $this->phone,
 time()
 );
@@ -141,9 +141,9 @@ final class LightSmsTransport extends AbstractTransport
 $params = [
 'timestamp' => $params['timestamp'],
 'login' => $this->login,
- 'phone' => str_replace('+', '', $params['message']->getPhone()),
+ 'phone' => $this->escapePhoneNumber($params['message']->getPhone()),
 'sender' => $this->phone,
- 'text' => $params['message']->getSubject(),
+ 'text' => $this->escapeSubject($params['message']->getSubject()),
 ];
 ksort($params);
@@ -151,4 +151,14 @@ final class LightSmsTransport extends AbstractTransport
 return md5(implode('', $params).$this->password);
 }
+
+ private function escapeSubject($subject): string
+ {
+ return strip_tags($subject);
+ }
+
+ private function escapePhoneNumber($phoneNumber): string
+ {
+ return str_replace('+', '', $phoneNumber);
+ }
 }
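Review bot: The subject still reaches this argument list without URL encoding, because `escapeSubject()` only runs `strip_tags()`. The format string is outside the hunk, but if it builds a query string, a subject containing `&`, `#` or `+` can alter or truncate the request parameters. Consider `rawurlencode($this->escapeSubject($message->getSubject()))` here, or pass the values through the HTTP client's `query` option instead of interpolating them. The same two helper calls are repeated in the signature array of the second hunk; normalizing the phone and text once and handing the results to both places would guarantee that the signed values are exactly the ones sent.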
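Review bot: `escapeSubject()` and `escapePhoneNumber()` are named as escaping, but neither encodes its value for the context it is used in. `strip_tags()` removes markup and can silently drop everything after a stray `<` (a body such as `1 <2` is shortened), and removing `+` leaves every other non-digit character in the number. An SMS body is plain text, so either drop `strip_tags()` or add a comment saying why the provider needs it, and normalize the number with something like `preg_replace('/\D+/', '', $phoneNumber)` or reject input that is not digits. Both parameters are untyped; `string $subject` and `string $phoneNumber` would match the declared `: string` return types.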