varDump not escaping special chars

Utility/Php::getIniFiles not properly handling empty return from `php_ini_scanned_files()` `ErrorHandler::handleException()` - check headers_sent() before calling http_response_code(500)
bkdotcom · Dec 19, 2023 · 78af396 · 78af396
1 parent 9657602
commit 78af396
Show file tree

Hide file tree

Showing 6 changed files with 15 additions and 13 deletions.
diff --git a/composer.json b/composer.json
@@ -49,9 +49,9 @@
         "bdk/backtrace": "2.2",
         "bdk/curl-http-message": "1.0",
         "bdk/errorhandler": "3.3.1",
-        "bdk/http-message": "1.0",
+        "bdk/http-message": "1.1",
         "bdk/promise": "1.0",
-        "bdk/pubsub": "3.2",
+        "bdk/pubsub": "3.2.1",
         "bdk/slack": "1.0",
         "bdk/teams": "1.0",
         "psr/http-message": "1.0.1"

diff --git a/src/Debug/Plugin/Method/Basic.php b/src/Debug/Plugin/Method/Basic.php
@@ -195,7 +195,7 @@ public function varDump()
             \fwrite($this->cliOutputStream, $outStr . "\n");
             return;
         }
-        echo '<pre style="margin:.25em;">' . $outStr . '</pre>' . "\n";
+        echo '<pre style="margin:.25em;">' . \htmlspecialchars($outStr) . '</pre>' . "\n";
     }
 
     /**

diff --git a/src/Debug/Utility/Php.php b/src/Debug/Utility/Php.php
@@ -117,7 +117,7 @@ public static function getIniFiles()
     {
         return \array_merge(
             array(\php_ini_loaded_file()),
-            \preg_split('#\s*[,\r\n]+\s*#', \trim(\php_ini_scanned_files()))
+            \array_filter(\preg_split('#\s*[,\r\n]+\s*#', \trim((string) \php_ini_scanned_files())))
         );
     }
 

diff --git a/src/ErrorHandler/ErrorHandler.php b/src/ErrorHandler/ErrorHandler.php
@@ -228,7 +228,9 @@ public function handleException($exception)
         // lets store the exception so we can use the backtrace it provides
         //   error constructor will pull this
         $this->data['uncaughtException'] = $exception;
-        \http_response_code(500);
+        if (\headers_sent() === false) {
+            \http_response_code(500);
+        }
         $this->handleError(
             E_ERROR,
             'Uncaught exception \'' . \get_class($exception) . '\' with message ' . $exception->getMessage(),

diff --git a/tests/Debug/Collector/PhpCurlClassTest.php b/tests/Debug/Collector/PhpCurlClassTest.php
@@ -195,7 +195,7 @@ public function testError()
                                 %A
                             </ul><span class="t_punct">)</span></span></li>
                         <li class="m_log" data-channel="general.Curl">%srequest headers</span> = <span class="t_string">GET /echo%s HTTP/1.1%A</li>
-                        <li class="m_warn" data-channel="general.Curl" data-detect-files="true" data-file="' . __FILE__ . '" data-line="%d"><span class="t_int">%d</span>, <span class="t_string">%AUnsupported HTTP version in response</span></li>
+                        <li class="m_warn" data-channel="general.Curl" data-detect-files="true" data-file="' . __FILE__ . '" data-line="%d"><span class="t_int">%d</span>, <span class="t_string">%SUnsupported %S in response</span></li>
                         <li class="m_time" data-channel="general.Curl"><span class="no-quotes t_string">time: %f %s</span></li>
                         <li class="m_log" data-channel="general.Curl"><span class="no-quotes t_string">response headers</span> = <span class="t_string">%A</span></li>
                         <li class="m_log" data-channel="general.Curl"><span class="no-quotes t_string">response body</span> = <span class="t_null">null</span></li>

diff --git a/tests/Debug/Plugin/Method/BasicTest.php b/tests/Debug/Plugin/Method/BasicTest.php
@@ -630,7 +630,7 @@ public function testVarDump()
                 'foo',
             ),
             array(
-                'output' => '<pre style="margin:.25em;">"foo"</pre>',
+                'output' => '<pre style="margin:.25em;">&quot;foo&quot;</pre>',
             )
         );
         $this->testMethod(
@@ -641,7 +641,7 @@ public function testVarDump()
                 'val3',
             ),
             array(
-                'output' => '<pre style="margin:.25em;">"val1", "val2", "val3"</pre>',
+                'output' => '<pre style="margin:.25em;">&quot;val1&quot;, &quot;val2&quot;, &quot;val3&quot;</pre>',
             )
         );
         $this->testMethod(
@@ -656,11 +656,11 @@ public function testVarDump()
                 ),
             ),
             array(
-                'output' => '<pre style="margin:.25em;">"values" = array(
-                    [false] => false
-                    [int] => 42
-                    [null] => null
-                    [true] => true
+                'output' => '<pre style="margin:.25em;">&quot;values&quot; = array(
+                    [false] =&gt; false
+                    [int] =&gt; 42
+                    [null] =&gt; null
+                    [true] =&gt; true
                 )</pre>',
             )
         );