Making CakeErrorController get the most recent request, this will hel…

…p when using requestAction. Updating test cases for error404. Updating ErrorHandler
cakephp · Aug 29, 2010 · 756baea · 756baea
1 parent 8712a90
commit 756baea
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 41 deletions.
diff --git a/cake/libs/controller/cake_error_controller.php b/cake/libs/controller/cake_error_controller.php
@@ -26,7 +26,7 @@ class CakeErrorController extends AppController {
 	function __construct() {
 		parent::__construct();
 		$this->_set(Router::getPaths());
-		$this->request = $this->params = Router::getRequest();
+		$this->request = $this->params = Router::getRequest(false);
 		$this->constructClasses();
 		$this->Components->trigger('initialize', array(&$this));
 		$this->_set(array('cacheAction' => false, 'viewPath' => 'errors'));

diff --git a/cake/libs/error.php b/cake/libs/error.php
@@ -98,7 +98,7 @@ protected function _getController($exception) {
 			$controller = new Controller();
 			$controller->viewPath = 'errors';
 		}
-		return $controller; 
+		return $controller;
 	}
 
 /**
@@ -128,33 +128,22 @@ public function render() {
  *
  * @param array $params Parameters for controller
  */
-	public function error($params) {
-		extract($params, EXTR_OVERWRITE);
-		$this->controller->set(array(
-			'code' => $code,
-			'name' => $name,
-			'message' => $message,
-			'title' => $code . ' ' . $name
-		));
-		$this->_outputMessage('error404');
+	public function error(Exception $error) {
+		$this->error404($error);
 	}
 
 /**
  * Convenience method to display a 404 page.
  *
  * @param array $params Parameters for controller
  */
-	public function error404($exception) {
-		if (!isset($url)) {
-			$url = $this->controller->here;
-		}
-		$url = Router::normalize($url);
+	public function error404($error) {
+		$url = Router::normalize($this->controller->request->here);
 		$this->controller->response->statusCode(404);
 		$this->controller->set(array(
-			'code' => '404',
-			'name' => __('Not Found'),
-			'message' => h($url),
-			'base' => $this->controller->request->base
+			'code' => 404,
+			'name' => $error->getMessage(),
+			'url' => h($url),
 		));
 		$this->_outputMessage('error404');
 	}

diff --git a/cake/libs/view/errors/error404.ctp b/cake/libs/view/errors/error404.ctp
@@ -20,5 +20,8 @@
 <h2><?php echo $name; ?></h2>
 <p class="error">
 	<strong><?php echo __('Error'); ?>: </strong>
-	<?php printf(__('The requested address %s was not found on this server.'), "<strong>'{$message}'</strong>"); ?>
+	<?php printf(
+		__('The requested address %s was not found on this server.'),
+		"<strong>'{$url}'</strong>"
+	); ?>
 </p>
diff --git a/cake/tests/cases/libs/error.test.php b/cake/tests/cases/libs/error.test.php
@@ -274,7 +274,7 @@ function testHandleException() {
 		ob_start();
 		ErrorHandler::handleException($error);
 		$result = ob_get_clean();
-		$this->assertPattern('/Not Found/', $result, 'message missing.');
+		$this->assertPattern('/Kaboom!/', $result, 'message missing.');
 	}
 
 /**
@@ -345,15 +345,13 @@ function testErrorMethodCoercion() {
  * @return void
  */
 	function testError() {
-		$this->markTestIncomplete('Not done');
-		$exception = new Error404Exception('Page not found');
+		$exception = new Exception('Page not found');
 		$ErrorHandler = new ErrorHandler($exception);
 
 		ob_start();
-		$ErrorHandler->error($excpetion);
+		$ErrorHandler->error($exception);
 		$result = ob_get_clean();
-		$this->assertPattern("/<h2>Couldn't find what you were looking for<\/h2>/", $result);
-		$this->assertPattern('/Page not Found/', $result);
+		$this->assertPattern("/<h2>Page not found<\/h2>/", $result);
 	}
 
 /**
@@ -363,30 +361,47 @@ function testError() {
  * @return void
  */
 	function testError404() {
-		$this->markTestIncomplete('Not implemented now');
 		App::build(array(
 			'views' => array(TEST_CAKE_CORE_INCLUDE_PATH . 'libs' . DS . 'view' . DS)
 		), true);
+		Router::reload();
+
+		$request = new CakeRequest('posts/view/1000', false);
+		Router::setRequestInfo($request);
+
+		$exception = new Error404Exception('Custom message');
+		$ErrorHandler = new ErrorHandler($exception);
 
 		ob_start();
-		$ErrorHandler = new ErrorHandler('error404', array('message' => 'Page not found', 'url' => '/test_error'));
+		$ErrorHandler->render();
 		$result = ob_get_clean();
-		$this->assertPattern('/<h2>Not Found<\/h2>/', $result);
-	 	$this->assertPattern("/<strong>'\/test_error'<\/strong>/", $result);
+
+		$this->assertPattern('/<h2>Custom message<\/h2>/', $result);
+		$this->assertPattern("/<strong>'\/posts\/view\/1000'<\/strong>/", $result);
+
+		App::build();
+	}
+
+/**
+ * test that error404 doesn't expose XSS
+ *
+ * @return void
+ */
+	function testError404NoInjection() {
+		Router::reload();
+
+		$request = new CakeRequest('pages/<span id=333>pink</span></id><script>document.body.style.background = t=document.getElementById(333).innerHTML;window.alert(t);</script>', false);
+		Router::setRequestInfo($request);
+
+		$exception = new Error404Exception('Custom message');
+		$ErrorHandler = new ErrorHandler($exception);
 
 		ob_start();
-		$ErrorHandler = new ErrorHandler('error404', array('message' => 'Page not found'));
-		ob_get_clean();
-		ob_start();
-		$ErrorHandler->error404(array(
-			'url' => 'pages/<span id=333>pink</span></id><script>document.body.style.background = t=document.getElementById(333).innerHTML;window.alert(t);</script>',
-			'message' => 'Page not found'
-		));
+		$ErrorHandler->render();
 		$result = ob_get_clean();
-		$this->assertNoPattern('#<script>#', $result);
-		$this->assertNoPattern('#</script>#', $result);
 
-		App::build();
+		$this->assertNoPattern('#<script>document#', $result);
+		$this->assertNoPattern('#alert\(t\);</script>#', $result);
 	}
 
 /**