Steps to reproduce bug:
-Log in to a project that uses the intranet skin with a login containing illegal characters (i.e ' )
-Bug:
Caused by: org.ametys.plugins.repository.AmetysRepositoryException: An error occured executing the JCR query : //element(*, ametys:content)[(@ametys-internal:contentType='org.ametys.plugins.userdirectory.Content.user' or @ametys-internal:contentType='org.ametys.plugins.workspaces.Content.member') and ametys-internal:language='en' and ametys:user/@ametys:login='AD'HERET' and ametys:user/@ametys:population='utilisateurs'] at org.ametys.plugins.repository.AmetysObjectResolver.query(AmetysObjectResolver.java:676) at org.ametys.plugins.userdirectory.UserDirectoryHelper._requestUserContentId(UserDirectoryHelper.java:293) at org.ametys.plugins.userdirectory.UserDirectoryHelper.lambda$getUserContent$1(UserDirectoryHelper.java:215) at org.ametys.plugins.core.impl.cache.GuavaCache$2.call(GuavaCache.java:144) at org.ametys.plugins.core.impl.cache.GuavaCache$2.call(GuavaCache.java:140) at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4925) at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3571) at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2313) at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2190) at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2080) at com.google.common.cache.LocalCache.get(LocalCache.java:4012) at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4920) at org.ametys.plugins.core.impl.cache.GuavaCache.get(GuavaCache.java:139) ... 140 more Caused by:_ org.apache.jackrabbit.spi.commons.query.xpath.ParseException: Encountered "\' and ametys:user/@ametys:population=\'" at line 1, column 271. Was expecting one of: "or" ... "and" ... "div" ... "idiv" ... "mod" ... "*" ... "to" ... "intersect" ... "union" ... "except" ... <Instanceof> ... <Castable> ... "/" ... "//" ... "-" ... "+" ... "|" ... "[" ... "]" ... <CastAs> ... <TreatAs> ... "," ... at org.apache.jackrabbit.spi.commons.query.xpath.XPath#generateParseException:9250 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#jj_consume_token:9168 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#Predicate:5231 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#PredicateList:5200 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#AxisStep:4704 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#StepExpr:4594 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#RelativePathExpr:4508 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#PathExpr:4414 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#ValueExpr:4122 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#UnaryExpr:4029 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#CastExpr:3932 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#CastableExpr:3895 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#TreatExpr:3858 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#InstanceofExpr:3821 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#IntersectExceptExpr:3745 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#UnionExpr:3669 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#MultiplicativeExpr:3583 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#AdditiveExpr:3507 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#RangeExpr:3448 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#ComparisonExpr:3350 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#AndExpr:3287 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#OrExpr:3224 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#ExprSingle:2211 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#ForClause:2334 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#FLWORExpr:2230 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#ExprSingle:2130 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#Expr:2091 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#QueryBody:2063 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#MainModule:512 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#Module:387 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#QueryList:151 at org.apache.jackrabbit.spi.commons.query.xpath.XPath#XPath2:118 at org.apache.jackrabbit.spi.commons.query.xpath.XPathQueryBuilder#<init>:300 ... 169 more
This is because the getUserContent method from the UserXSLTHelper class doesn't escape illegal characters.
cf. line 288 of plugin-user-directory\src\org\ametys\plugins\userdirectory\UserDirectoryHelper.java