[HttpKernel] Prevent php script execution in cached ESI pages using HttpCache

2012-01-24 19:27:21 +01:00 · 2012-01-24 19:27:21 +01:00 · 7f96c8ad17
commit 7f96c8ad17
parent 7c338de412
2 changed files with 12 additions and 0 deletions
--- a/src/Symfony/Component/HttpKernel/HttpCache/Esi.php
+++ b/src/Symfony/Component/HttpKernel/HttpCache/Esi.php
@ -154,6 +154,7 @@ class Esi

        // we don't use a proper XML parser here as we can have ESI tags in a plain text response
        $content = $response->getContent();
+        $content = str_replace(array('<?', '<%'), array('<?php echo "<?"; ?>', '<?php echo "<%"; ?>'), $content);
        $content = preg_replace_callback('#<esi\:include\s+(.*?)\s*/>#', array($this, 'handleEsiIncludeTag'), $content);
        $content = preg_replace('#<esi\:comment[^>]*/>#', '', $content);
        $content = preg_replace('#<esi\:remove>.*?</esi\:remove>#', '', $content);
--- a/tests/Symfony/Tests/Component/HttpKernel/HttpCache/EsiTest.php
+++ b/tests/Symfony/Tests/Component/HttpKernel/HttpCache/EsiTest.php
@ -109,6 +109,17 @@ class EsiTest extends \PHPUnit_Framework_TestCase
        $this->assertEquals('foo <?php echo $this->esi->handle($this, \'...\', \'\', false) ?>'."\n", $response->getContent());
    }

+    public function testProcessEscapesPhpTags()
+    {
+        $esi = new Esi();
+
+        $request = Request::create('/');
+        $response = new Response('foo <?php die("foo"); ?><%= "lala" %>');
+        $esi->process($request, $response);
+
+        $this->assertEquals('foo <?php echo "<?"; ?>php die("foo"); ?><?php echo "<%"; ?>= "lala" %>', $response->getContent());
+    }
+
    /**
     * @expectedException RuntimeException
     */