From 7f96c8ad176705b5a58503b301d8088c34f6c176 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano
Date: Tue, 24 Jan 2012 19:27:21 +0100
Subject: [PATCH] [HttpKernel] Prevent php script execution in cached ESI pages using HttpCache
---
 src/Symfony/Component/HttpKernel/HttpCache/Esi.php | 1 +
 .../Tests/Component/HttpKernel/HttpCache/EsiTest.php | 11 +++++++++++
 2 files changed, 12 insertions(+)
diff --git a/src/Symfony/Component/HttpKernel/HttpCache/Esi.php b/src/Symfony/Component/HttpKernel/HttpCache/Esi.php
index 2c48163c17..74c01fe4df 100644
--- a/src/Symfony/Component/HttpKernel/HttpCache/Esi.php
+++ b/src/Symfony/Component/HttpKernel/HttpCache/Esi.php
@@ -154,6 +154,7 @@ class Esi
 // we don't use a proper XML parser here as we can have ESI tags in a plain text response
 $content = $response->getContent();
+ $content = str_replace(array('', ''), $content);
 $content = preg_replace_callback('##', array($this, 'handleEsiIncludeTag'), $content);
 $content = preg_replace('#]*/>#', '', $content);
 $content = preg_replace('#.*?#', '', $content);
diff --git a/tests/Symfony/Tests/Component/HttpKernel/HttpCache/EsiTest.php b/tests/Symfony/Tests/Component/HttpKernel/HttpCache/EsiTest.php
index 74e5f0d27b..bceb7cc1d6 100644
--- a/tests/Symfony/Tests/Component/HttpKernel/HttpCache/EsiTest.php
+++ b/tests/Symfony/Tests/Component/HttpKernel/HttpCache/EsiTest.php
@@ -109,6 +109,17 @@ class EsiTest extends \PHPUnit_Framework_TestCase
 $this->assertEquals('foo esi->handle($this, \'...\', \'\', false) ?>'."\n", $response->getContent());
 }
+ public function testProcessEscapesPhpTags()
+ {
+ $esi = new Esi();
+
+ $request = Request::create('/');
+ $response = new Response('foo <%= "lala" %>');
+ $esi->process($request, $response);
+
+ $this->assertEquals('foo php die("foo"); ?>= "lala" %>', $response->getContent());
+ }
+
 /**
 * @expectedException RuntimeException
 */
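Review bot: The added `str_replace` in `Esi.php` looks like it neutralises only the `<?` and `<%` open sequences (its arguments are not legible on this page, and the new test exercises just those two), so the `<script language="php">` open tag that PHP 5 also recognises would still reach the cached body unescaped. Extending the same search/replace arrays with the `<s` and `<S` prefixes would close that gap without a regex, and a matching test case should go with it. The line also deserves a why-comment such as `// escape PHP open tags from the backend response: the cached ESI page is executed as PHP`. The enclosing method begins and ends outside the hunk.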
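Review bot: `testProcessEscapesPhpTags` only feeds a body with no ESI tag, so nothing pins that escaping happens before the `handleEsiIncludeTag` substitution and leaves the generated `$this->esi->handle(...)` code intact. Add a case whose body contains both a PHP open tag and an ESI include, and assert that the former is escaped while the latter is still rewritten; that guards against a later reordering of the replacement steps. A short-echo `<?=` input would be a cheap third case. The test class itself starts and ends outside the hunk.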