diff --git a/src/Symfony/Bridge/Twig/Extension/CodeExtension.php b/src/Symfony/Bridge/Twig/Extension/CodeExtension.php
index 651d75f26f..d9ba2c05bd 100644
--- a/src/Symfony/Bridge/Twig/Extension/CodeExtension.php
+++ b/src/Symfony/Bridge/Twig/Extension/CodeExtension.php
@@ -49,7 +49,7 @@ class CodeExtension extends \Twig_Extension
 new \Twig_SimpleFilter('file_excerpt', array($this, 'fileExcerpt'), array('is_safe' => array('html'))),
 new \Twig_SimpleFilter('format_file', array($this, 'formatFile'), array('is_safe' => array('html'))),
 new \Twig_SimpleFilter('format_file_from_text', array($this, 'formatFileFromText'), array('is_safe' => array('html'))),
- new \Twig_SimpleFilter('file_link', array($this, 'getFileLink'), array('is_safe' => array('html'))),
+ new \Twig_SimpleFilter('file_link', array($this, 'getFileLink')),
 );
 }
diff --git a/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/CodeHelper.php b/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/CodeHelper.php
index 78c0b462f2..87aede2273 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/CodeHelper.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/CodeHelper.php
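Review bot: The three filters that keep `is_safe => html` (`file_excerpt`, `format_file`, `format_file_from_text`) still bypass Twig autoescaping, so their callbacks must escape every path and text fragment themselves; only `file_link` is handed back to the autoescaper here. This diff patches `CodeHelper::formatFile` but shows no change to `CodeExtension::formatFile`, so it is worth confirming that method escapes `$file` and the root dir in the same way. A comment above the filter list would make the contract explicit, e.g. `// is_safe filters must return fully escaped HTML; file_link returns a raw URL and relies on autoescaping`. The enclosing method starts outside the hunk.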
@@ -154,24 +154,25 @@ class CodeHelper extends Helper
 */
 public function formatFile($file, $line, $text = null)
 {
+ if (PHP_VERSION_ID >= 50400) {
+ $flags = ENT_QUOTES | ENT_SUBSTITUTE;
+ } else {
+ $flags = ENT_QUOTES;
+ }
+
 if (null === $text) {
 $file = trim($file);
 $fileStr = $file;
 if (0 === strpos($fileStr, $this->rootDir)) {
 $fileStr = str_replace($this->rootDir, '', str_replace('\\', '/', $fileStr));
- $fileStr = sprintf('kernel.root_dir/%s', $this->rootDir, $fileStr);
+ $fileStr = htmlspecialchars($fileStr, $flags, $this->charset);
+ $fileStr = sprintf('kernel.root_dir/%s', htmlspecialchars($this->rootDir, $flags, $this->charset), $fileStr);
 }
- $text = "$fileStr at line $line";
+ $text = sprintf('%s at line %d', $fileStr, $line);
 }
 if (false !== $link = $this->getFileLink($file, $line)) {
- if (PHP_VERSION_ID >= 50400) {
- $flags = ENT_QUOTES | ENT_SUBSTITUTE;
- } else {
- $flags = ENT_QUOTES;
- }
-
 return sprintf('%s', htmlspecialchars($link, $flags, $this->charset), $text);
 }
diff --git a/src/Symfony/Component/Debug/ExceptionHandler.php b/src/Symfony/Component/Debug/ExceptionHandler.php
index a96bbe1020..0b962b0e88 100644
--- a/src/Symfony/Component/Debug/ExceptionHandler.php
+++ b/src/Symfony/Component/Debug/ExceptionHandler.php
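Review bot: A `$file` that does not start with `$this->rootDir` still reaches `$text` unescaped, because the added `htmlspecialchars($fileStr, ...)` sits inside the `if (0 === strpos($fileStr, $this->rootDir))` block and the fallback `$fileStr = $file` goes straight into `sprintf('%s at line %d', ...)`. The method returns markup (it escapes `$link` itself before the final `sprintf`), so that branch needs the same treatment, e.g. `} else { $fileStr = htmlspecialchars($fileStr, $flags, $this->charset); }`. A caller-supplied `$text` is also emitted as-is, so the docblock should state that it must already be HTML-safe. The nesting is read from a whitespace-collapsed diff and formatFile continues past the hunk, so confirm against the file.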
@@ -157,10 +157,11 @@ EOF
 }
 if (isset($trace['file']) && isset($trace['line'])) {
 if ($linkFormat = ini_get('xdebug.file_link_format')) {
- $link = str_replace(array('%f', '%l'), array($trace['file'], $trace['line']), $linkFormat);
- $content .= sprintf(' in %s line %s', $link, $trace['file'], $trace['line']);
+ $link = strtr($linkFormat, array('%f' => $trace['file'], '%l' => $trace['line']));
+ $link = htmlspecialchars($link, $flags, $this->charset);
+ $content .= sprintf(' in %s line %d', $link, htmlspecialchars($trace['file'], $flags, $this->charset), $trace['line']);
 } else {
- $content .= sprintf(' in %s line %s', $trace['file'], $trace['line']);
+ $content .= sprintf(' in %s line %d', htmlspecialchars($trace['file'], $flags, $this->charset), $trace['line']);
 }
 }
 $content .= "\n";
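Review bot: `$flags` is passed to all three added `htmlspecialchars()` calls but is never assigned in this hunk; the enclosing method starts above it, so confirm it is set to at least `ENT_QUOTES` before this point, since the escaped `$link` is a URL that presumably ends up inside a quoted attribute. Escaping after the `strtr()` substitution is the right order and deserves a short comment, e.g. `// escape once, after %f/%l substitution, so path characters cannot break out of the markup`. The other trace fields rendered by this method are outside the hunk and should be checked for the same escaping.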