bug #22154 [WebProfilerBundle] Normalize whitespace in exceptions passed in headers (curry684)

This PR was merged into the 2.7 branch.

Discussion
----------

[WebProfilerBundle] Normalize whitespace in exceptions passed in headers

| Q             | A
| ------------- | ---
| Branch?       | 2.7 upwards
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #22072
| License       | MIT

If an exception was thrown with line separators in its message, the WebProfiler would itself cause an exception by passing that message unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing every whitespace sequence in the header value with a single space.

Commits
-------

d64679014b [WebProfilerBundle] Normalize whitespace in exceptions passed in headers
Fabien Potencier 2017-03-29 07:19:30 +02:00
commit 9466237db0
2 changed files with 22 additions and 1 deletions


@ -68,7 +68,7 @@ class WebDebugToolbarListener implements EventSubscriberInterface
$this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')), UrlGeneratorInterface::ABSOLUTE_URL)
);
} catch (\Exception $e) {
$response->headers->set('X-Debug-Error', get_class($e).': '.$e->getMessage());
$response->headers->set('X-Debug-Error', get_class($e).': '.preg_replace('/\s+/', ' ', $e->getMessage()));
}
}
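Review bot: The new `preg_replace('/\s+/', ' ', $e->getMessage())` in the catch block collapses CR, LF and tabs, but other control bytes in the exception message (NUL, the rest of 0x00-0x1F, 0x7F) still reach the `X-Debug-Error` value unchanged. PHP's `header()` is, as far as I know, also strict about NUL bytes, so a message carrying binary data could still fail when the response is sent, much like the case in #22072. Consider widening the class to `preg_replace('/[\x00-\x1F\x7F\s]+/', ' ', $e->getMessage())`. A one-line comment would also help: `// value is emitted as a raw HTTP header: keep it on one line, no control characters`. The enclosing method starts and ends outside the hunk.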


@ -245,6 +245,27 @@ class WebDebugToolbarListenerTest extends TestCase
$this->assertEquals('Exception: foo', $response->headers->get('X-Debug-Error'));
}
public function testThrowingErrorCleanup()
{
$response = new Response();
$response->headers->set('X-Debug-Token', 'xxxxxxxx');
$urlGenerator = $this->getUrlGeneratorMock();
$urlGenerator
->expects($this->once())
->method('generate')
->with('_profiler', array('token' => 'xxxxxxxx'))
->will($this->throwException(new \Exception("This\nmultiline\r\ntabbed text should\tcome out\r on\n \ta single plain\r\nline")))
;
$event = new FilterResponseEvent($this->getKernelMock(), $this->getRequestMock(), HttpKernelInterface::MASTER_REQUEST, $response);
$listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, 'bottom', $urlGenerator);
$listener->onKernelResponse($event);
$this->assertEquals('Exception: This multiline tabbed text should come out on a single plain line', $response->headers->get('X-Debug-Error'));
}
protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
{
$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->setMethods(array('getSession', 'isXmlHttpRequest', 'getRequestFormat'))->disableOriginalConstructor()->getMock();
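Review bot: The fixture in `testThrowingErrorCleanup()` only exercises `\n`, `\r`, `\t` and spaces, so the test does not pin what happens to the other characters that must never appear in a header value, such as form feed, vertical tab or NUL. Adding one of those to the message string would document the guarantee the listener is meant to give. The final check would also be stricter as `$this->assertSame(...)`, since `assertEquals` compares loosely. `getRequestMock()` at the end of the hunk is context only and continues outside it.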