Escape parameter on generated response
This commit is contained in:
parent
1033dc59cd
commit
b044c45679
|
@ -236,9 +236,9 @@ class Esi
|
|||
throw new \RuntimeException('Unable to process an ESI tag without a "src" attribute.');
|
||||
}
|
||||
|
||||
return sprintf('<?php echo $this->esi->handle($this, \'%s\', \'%s\', %s) ?>'."\n",
|
||||
$options['src'],
|
||||
isset($options['alt']) ? $options['alt'] : null,
|
||||
return sprintf('<?php echo $this->esi->handle($this, %s, %s, %s) ?>'."\n",
|
||||
var_export($options['src'], true),
|
||||
var_export(isset($options['alt']) ? $options['alt'] : '', true),
|
||||
isset($options['onerror']) && 'continue' == $options['onerror'] ? 'true' : 'false'
|
||||
);
|
||||
}
|
||||
|
|
|
@ -110,6 +110,11 @@ class EsiTest extends \PHPUnit_Framework_TestCase
|
|||
$this->assertEquals('foo <?php echo $this->esi->handle($this, \'...\', \'alt\', true) ?>'."\n", $response->getContent());
|
||||
$this->assertEquals('ESI', $response->headers->get('x-body-eval'));
|
||||
|
||||
$response = new Response('foo <esi:comment text="some comment" /><esi:include src="foo\'" alt="bar\'" onerror="continue" />');
|
||||
$esi->process($request, $response);
|
||||
|
||||
$this->assertEquals("foo <?php echo \$this->esi->handle(\$this, 'foo\\'', 'bar\\'', true) ?>"."\n", $response->getContent());
|
||||
|
||||
$response = new Response('foo <esi:include src="..." />');
|
||||
$esi->process($request, $response);
|
||||
|
||||
|
|
Reference in New Issue