Removed variable escaping in CakeErrorController::beforeRender(). Closes
ADmad committed Aug 4, 2012
1 parent b32273e commit 8931b74
Showing 4 changed files with 8 additions and 22 deletions.
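--- a/lib/Cake/Controller/CakeErrorController.php
+++ b/lib/Cake/Controller/CakeErrorController.php
@@ -66,18 +66,4 @@ public function __construct($request = null, $response = null) {
 $this->_set(array('cacheAction' => false, 'viewPath' => 'Errors'));
 }
 
-/**
-* Escapes the viewVars.
-*
-* @return void
-*/
-public function beforeRender() {
-parent::beforeRender();
-foreach ($this->viewVars as $key => $value) {
-if (!is_object($value)) {
-$this->viewVars[$key] = h($value);
-}
-}
-}
-
 }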
8 changes: 4 additions & 4 deletions lib/Cake/Error/ExceptionRenderer.php
@@ -184,7 +184,7 @@ protected function _cakeError(CakeException $error) {
$this->controller->set(array(
'code' => $code,
'url' => h($url),
'name' => $error->getMessage(),
'name' => h($error->getMessage()),
'error' => $error,
'_serialize' => array('code', 'url', 'name')
));
@@ -206,7 +206,7 @@ public function error400($error) {
$url = $this->controller->request->here();
$this->controller->response->statusCode($error->getCode());
$this->controller->set(array(
'name' => $message,
'name' => h($message),
'url' => h($url),
'error' => $error,
'_serialize' => array('name', 'url')
@@ -229,7 +229,7 @@ public function error500($error) {
$code = ($error->getCode() > 500 && $error->getCode() < 506) ? $error->getCode() : 500;
$this->controller->response->statusCode($code);
$this->controller->set(array(
'name' => $message,
'name' => h($message),
'message' => h($url),
'error' => $error,
'_serialize' => array('name', 'message')
@@ -250,7 +250,7 @@ public function pdoError(PDOException $error) {
$this->controller->set(array(
'code' => $code,
'url' => h($url),
'name' => $error->getMessage(),
'name' => h($error->getMessage()),
'error' => $error,
'_serialize' => array('code', 'url', 'name', 'error')
));
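Review bot: Wrapping `name` in h() at the `set()` call in _cakeError(), error400(), error500() and pdoError() stores an HTML-encoded string in a variable that is also listed in `_serialize`, so if these errors are rendered through a serializing view the message would come out entity-encoded (`&lt;` instead of `<`). Escaping is safer when it happens where the value is printed: pass the raw message here and have each error template call `h($name)`, which also keeps a template safe when some other code path sets `name`. If set-time escaping is kept, a comment such as `// name and url are HTML-escaped here; error templates echo them as-is` on each call would make the contract visible. All four method bodies start and end outside their hunks.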
2 changes: 1 addition & 1 deletion lib/Cake/Test/Case/Error/ExceptionRendererTest.php
@@ -770,7 +770,7 @@ public function testPDOException() {

$this->assertContains('<h2>Database Error</h2>', $result);
$this->assertContains('There was an error in the SQL query', $result);
$this->assertContains('SELECT * from poo_query < 5 and :seven', $result);
$this->assertContains(h('SELECT * from poo_query < 5 and :seven'), $result);
$this->assertContains("'seven' => (int) 7", $result);
}
}
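Review bot: The updated assertion in testPDOException() proves the escaped query string is present, but nothing checks that the raw form is absent, and the message asserted here ('There was an error in the SQL query') appears to contain no markup, so the `$name` path is not exercised with characters that need encoding. Adding `$this->assertNotContains('poo_query < 5', $result);` and a case whose exception message contains `<` or `&` would pin the escaping this commit relocates. The test method starts outside the hunk, so how the exception is built is not visible here.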
6 changes: 3 additions & 3 deletions lib/Cake/View/Errors/pdo_error.ctp
@@ -19,17 +19,17 @@
<h2><?php echo __d('cake_dev', 'Database Error'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo h($error->getMessage()); ?>
<?php echo $name; ?>
</p>
<?php if (!empty($error->queryString)) : ?>
<p class="notice">
<strong><?php echo __d('cake_dev', 'SQL Query'); ?>: </strong>
<?php echo $error->queryString; ?>
<?php echo h($error->queryString); ?>
</p>
<?php endif; ?>
<?php if (!empty($error->params)) : ?>
<strong><?php echo __d('cake_dev', 'SQL Query Params'); ?>: </strong>
<?php echo Debugger::dump($error->params); ?>
<?php echo Debugger::dump($error->params); ?>
<?php endif; ?>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>
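Review bot: `<?php echo $name; ?>` prints the message with no escaping in the template, so its safety now rests entirely on the caller having run h() on `name` before rendering; a renderer subclass or other controller that sets `name` without escaping would put raw exception text into the page. Prefer keeping the escape at the output point, `<?php echo h($name); ?>` with the raw message passed in, or add a template comment stating that `$name` arrives pre-escaped. The neighbouring `Debugger::dump($error->params)` is still echoed as-is while `queryString` gained h(); whether dump() encodes its output is not visible here and is worth confirming, since bound parameters can carry request data. The template continues past the end of the hunk.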
