minor #11845 [HttpKernel] Escape ESI url in generated response (Jérémy Derussé)
This PR was merged into the 2.3 branch.
Discussion
----------
[HttpKernel] Escape ESI url in generated response
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets |
| License | MIT
| Doc PR | NA
If a template with an `<esi>` tag is configured with a URL containing a `'` (in `src` or `alt`), the HttpCache will generate invalid PHP code.
It's not a security issue, given that the template and the `<esi>` tag are written by the developer, but since the quote character is allowed in URLs (https://tools.ietf.org/html/rfc3986) it could be a potential bug.
Commits
-------
b044c45
Escape parameter on generated response
commit
7e5ec59fc8
@ -236,9 +236,9 @@ class Esi
|
|||||||
throw new \RuntimeException('Unable to process an ESI tag without a "src" attribute.');
|
throw new \RuntimeException('Unable to process an ESI tag without a "src" attribute.');
|
||||||
}
|
}
|
||||||
|
|
||||||
return sprintf('<?php echo $this->esi->handle($this, \'%s\', \'%s\', %s) ?>'."\n",
|
return sprintf('<?php echo $this->esi->handle($this, %s, %s, %s) ?>'."\n",
|
||||||
$options['src'],
|
var_export($options['src'], true),
|
||||||
isset($options['alt']) ? $options['alt'] : null,
|
var_export(isset($options['alt']) ? $options['alt'] : '', true),
|
||||||
isset($options['onerror']) && 'continue' == $options['onerror'] ? 'true' : 'false'
|
isset($options['onerror']) && 'continue' == $options['onerror'] ? 'true' : 'false'
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
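Review bot: The reason for `var_export` deserves a comment at the `return sprintf(...)` line, because a later reader may be tempted to swap it back for manual quoting: the returned snippet is PHP source that is evaluated afterwards (the `x-body-eval` header asserted in the test hunk points at that, though the evaluating code is not visible here), so `src` and `alt` must be emitted as proper PHP string literals with backslashes escaped as well as single quotes. Suggested comment: `// src/alt are embedded in PHP code that is evaluated later; var_export() emits a correctly escaped literal so quotes or backslashes cannot break out of the string.` The PR description treats this as non-security, but the attribute values are taken from the response body, which in some applications can carry reflected request data, so reading the escaping as hardening rather than only a parse fix is the safer framing. The enclosing method begins before this hunk, so the attribute parsing that fills `$options` is not visible here.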
@ -110,6 +110,11 @@ class EsiTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertEquals('foo <?php echo $this->esi->handle($this, \'...\', \'alt\', true) ?>'."\n", $response->getContent());
|
$this->assertEquals('foo <?php echo $this->esi->handle($this, \'...\', \'alt\', true) ?>'."\n", $response->getContent());
|
||||||
$this->assertEquals('ESI', $response->headers->get('x-body-eval'));
|
$this->assertEquals('ESI', $response->headers->get('x-body-eval'));
|
||||||
|
|
||||||
|
$response = new Response('foo <esi:comment text="some comment" /><esi:include src="foo\'" alt="bar\'" onerror="continue" />');
|
||||||
|
$esi->process($request, $response);
|
||||||
|
|
||||||
|
$this->assertEquals("foo <?php echo \$this->esi->handle(\$this, 'foo\\'', 'bar\\'', true) ?>"."\n", $response->getContent());
|
||||||
|
|
||||||
$response = new Response('foo <esi:include src="..." />');
|
$response = new Response('foo <esi:include src="..." />');
|
||||||
$esi->process($request, $response);
|
$esi->process($request, $response);
|
||||||
|
|
||||||
|
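Review bot: The new assertion at the `'foo\\''` line covers only a single quote, but `var_export` also escapes backslashes, and a trailing backslash is the case most likely to regress if someone later replaces it with ad-hoc quote escaping. A second case such as `$response = new Response('foo <esi:include src="foo\\" />');` followed by `$esi->process($request, $response);` and `$this->assertEquals("foo <?php echo \$this->esi->handle(\$this, 'foo\\\\', '', false) ?>"."\n", $response->getContent());` would pin that. The expected `''` for a missing `alt` and `false` for an absent `onerror` follow from the defaults in the Esi hunk above; the test method starts before this hunk and continues past it.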