bug #22154 [WebProfilerBundle] Normalize whitespace in exceptions passed in headers (curry684)
This PR was merged into the 2.7 branch.
Discussion
----------
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
| Q | A
| ------------- | ---
| Branch? | 2.7 upwards
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #22072
| License | MIT
If an exception was thrown with line separators in its message the WebProfiler would cause an exception by passing it through unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing all whitespace sequences with a single space in the header.
Commits
-------
d64679014b
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
This commit is contained in:
commit
9466237db0
@ -68,7 +68,7 @@ class WebDebugToolbarListener implements EventSubscriberInterface
|
|||||||
$this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')), UrlGeneratorInterface::ABSOLUTE_URL)
|
$this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')), UrlGeneratorInterface::ABSOLUTE_URL)
|
||||||
);
|
);
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
$response->headers->set('X-Debug-Error', get_class($e).': '.$e->getMessage());
|
$response->headers->set('X-Debug-Error', get_class($e).': '.preg_replace('/\s+/', ' ', $e->getMessage()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -245,6 +245,27 @@ class WebDebugToolbarListenerTest extends TestCase
|
|||||||
$this->assertEquals('Exception: foo', $response->headers->get('X-Debug-Error'));
|
$this->assertEquals('Exception: foo', $response->headers->get('X-Debug-Error'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testThrowingErrorCleanup()
|
||||||
|
{
|
||||||
|
$response = new Response();
|
||||||
|
$response->headers->set('X-Debug-Token', 'xxxxxxxx');
|
||||||
|
|
||||||
|
$urlGenerator = $this->getUrlGeneratorMock();
|
||||||
|
$urlGenerator
|
||||||
|
->expects($this->once())
|
||||||
|
->method('generate')
|
||||||
|
->with('_profiler', array('token' => 'xxxxxxxx'))
|
||||||
|
->will($this->throwException(new \Exception("This\nmultiline\r\ntabbed text should\tcome out\r on\n \ta single plain\r\nline")))
|
||||||
|
;
|
||||||
|
|
||||||
|
$event = new FilterResponseEvent($this->getKernelMock(), $this->getRequestMock(), HttpKernelInterface::MASTER_REQUEST, $response);
|
||||||
|
|
||||||
|
$listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, 'bottom', $urlGenerator);
|
||||||
|
$listener->onKernelResponse($event);
|
||||||
|
|
||||||
|
$this->assertEquals('Exception: This multiline tabbed text should come out on a single plain line', $response->headers->get('X-Debug-Error'));
|
||||||
|
}
|
||||||
|
|
||||||
protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
|
protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
|
||||||
{
|
{
|
||||||
$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->setMethods(array('getSession', 'isXmlHttpRequest', 'getRequestFormat'))->disableOriginalConstructor()->getMock();
|
$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->setMethods(array('getSession', 'isXmlHttpRequest', 'getRequestFormat'))->disableOriginalConstructor()->getMock();
|
||||||
|
Reference in New Issue
Block a user