From 8e4da81e16eacdcc4836723767ca6e6185506e0a Mon Sep 17 00:00:00 2001 From: Jules Cournut Date: Fri, 16 Sep 2022 16:37:34 +0200 Subject: [PATCH] fix XSS vulnerability --- Config/module.xml | 2 +- EventListener/CanonicalUrlListener.php | 8 +------- 2 files changed, 2 insertions(+), 8 deletions(-) diff --git a/Config/module.xml b/Config/module.xml index b5c1397..e2efa09 100644 --- a/Config/module.xml +++ b/Config/module.xml @@ -13,7 +13,7 @@ en_US fr_FR - 2.1.1 + 2.1.2 Gilles Bourgeat diff --git a/EventListener/CanonicalUrlListener.php b/EventListener/CanonicalUrlListener.php index eb27c77..5e8674e 100644 --- a/EventListener/CanonicalUrlListener.php +++ b/EventListener/CanonicalUrlListener.php @@ -87,13 +87,7 @@ public function generateUrlCanonical(CanonicalUrlEvent $event): void $canonicalUrl = rtrim($canonicalUrl, '/'); } else { - if (null === $queryString = $request->server->get('QUERY_STRING')) { - $queryString = $request->getQueryString(); - } - - if (!empty($queryString)) { - $canonicalUrl .= '/?'.$queryString; - } + $canonicalUrl .= '/?'. (array_key_exists("query", $parseUrlByCurrentLocale)) ? $parseUrlByCurrentLocale['query'] : ""; } try {
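Review bot: The added line in the else branch of generateUrlCanonical does not evaluate the way it reads, because `.` binds tighter than `?:` in PHP: it is parsed as `('/?' . array_key_exists(...)) ? $parseUrlByCurrentLocale['query'] : ""`, and that concatenated string is always truthy. As a result the `/?` separator is never appended, the query is glued directly onto the path, and a URL without a query reads an undefined `query` key. A guard restores the previous append-only-when-non-empty behaviour: `if (!empty($parseUrlByCurrentLocale['query'])) { $canonicalUrl .= '/?'.$parseUrlByCurrentLocale['query']; }`. Where `$parseUrlByCurrentLocale` is built is outside the hunk, so whether its query component can still carry request-controlled text cannot be confirmed from here; the template that emits the canonical link should escape the value for the HTML attribute context regardless. The function body starts and ends outside the hunk.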