bug #14699 [2.6] Fix HTML escaping of to-source links (amenk, nicolas-grekas)

This PR was merged into the 2.6 branch.

Discussion
----------

[2.6] Fix HTML escaping of to-source links

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #14694
| License       | MIT
| Doc PR        | -

Commits
-------

eecd197 [2.6] Fix HTML escaping of to-source links
e9bb160 ExceptionHandler: More Encoding
Fabien Potencier 2015-05-20 10:08:04 +02:00
commit 165bb00fc1
2 changed files with 6 additions and 6 deletions


@ -380,7 +380,7 @@ EOF;
$file = preg_match('#[^/\\\\]*$#', $path, $file) ? $file[0] : $path; $file = preg_match('#[^/\\\\]*$#', $path, $file) ? $file[0] : $path;
if ($linkFormat = $this->fileLinkFormat) { if ($linkFormat = $this->fileLinkFormat) {
$link = str_replace(array('%f', '%l'), array($path, $line), $linkFormat); $link = strtr($this->escapeHtml($linkFormat), array('%f' => $path, , '%l' => (int) $line));
return sprintf(' in <a href="%s" title="Go to source">%s line %d</a>', $link, $file, $line); return sprintf(' in <a href="%s" title="Go to source">%s line %d</a>', $link, $file, $line);
} }
@ -422,7 +422,7 @@ EOF;
} }
/** /**
* Returns an UTF-8 and HTML encoded string * Returns an UTF-8 and HTML encoded string.
*/ */
protected static function utf8Htmlize($str) protected static function utf8Htmlize($str)
{ {
@ -441,7 +441,7 @@ EOF;
} }
/** /**
* HTML-encodes a string * HTML-encodes a string.
*/ */
private function escapeHtml($str) private function escapeHtml($str)
{ {
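Review bot: The new `strtr()` call in the first hunk is rendered with an empty array element (`'%f' => $path, , '%l' => ...`), which PHP rejects at parse time; if that is in the commit rather than a rendering artifact, the line should read `$link = strtr($this->escapeHtml($linkFormat), array('%f' => $path, '%l' => (int) $line));`. Separately, only the format string goes through `escapeHtml()`, and `$path` is substituted afterwards, so the `href` attribute and the `$file` link text are safe only if `$path` was already HTML-escaped before these lines. The function starts above the hunk, so that cannot be confirmed from here. If it is escaped there, a comment such as `// $path is already HTML-escaped above` would make the invariant explicit; if it is not, it needs escaping before it is placed in the replacement array.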


@ -100,9 +100,9 @@ class DumpDataCollector extends DataCollector implements DataDumperInterface
$name = $info->getTemplateName(); $name = $info->getTemplateName();
$src = $info->getEnvironment()->getLoader()->getSource($name); $src = $info->getEnvironment()->getLoader()->getSource($name);
$info = $info->getDebugInfo(); $info = $info->getDebugInfo();
if (isset($info[$trace[$i-1]['line']])) { if (isset($info[$trace[$i - 1]['line']])) {
$file = false; $file = false;
$line = $info[$trace[$i-1]['line']]; $line = $info[$trace[$i - 1]['line']];
$src = explode("\n", $src); $src = explode("\n", $src);
$fileExcerpt = array(); $fileExcerpt = array();
@ -259,7 +259,7 @@ class DumpDataCollector extends DataCollector implements DataDumperInterface
$name = strip_tags($this->style('', $name)); $name = strip_tags($this->style('', $name));
$file = strip_tags($this->style('', $file)); $file = strip_tags($this->style('', $file));
if ($fileLinkFormat) { if ($fileLinkFormat) {
$link = strtr($fileLinkFormat, array('%f' => $file, '%l' => (int) $line)); $link = strtr(strip_tags($this->style('', $fileLinkFormat)), array('%f' => $file, '%l' => (int) $line));
$name = sprintf('<a href="%s" title="%s">'.$s.'</a>', $link, $file, $name); $name = sprintf('<a href="%s" title="%s">'.$s.'</a>', $link, $file, $name);
} else { } else {
$name = sprintf('<abbr title="%s">'.$s.'</abbr>', $file, $name); $name = sprintf('<abbr title="%s">'.$s.'</abbr>', $file, $name);
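Review bot: The link format in the second hunk is escaped through `strip_tags($this->style('', $fileLinkFormat))`, the same indirect idiom used for `$name` and `$file` on the lines just above, and nothing in the hunk says that this is the HTML-escaping step for the `href` and `title` attributes. It relies on `style()` escaping its value and adding only markup that `strip_tags()` removes, which is not visible here and should be confirmed. A one-line comment such as `// style() HTML-escapes the value; strip_tags() drops the wrapper it adds`, or a small private helper shared by the three calls, would keep the escaping from being dropped in a later refactor. The enclosing method starts and ends outside the hunk.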