Merge dfa3c6c into 2d8c89f

cakephp · Oct 9, 2019 · 613c7ca · 613c7ca
2 parents 2d8c89f + dfa3c6c
commit 613c7ca
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 1 deletion.
diff --git a/src/Error/Debugger.php b/src/Error/Debugger.php
@@ -929,6 +929,29 @@ public static function printVar($var, array $location = [], ?bool $showHtml = nu
         printf($template, $lineInfo, $var);
     }
 
+    /**
+     * Format an exception message to be HTML formatted.
+     *
+     * Does the following formatting operations:
+     *
+     * - HTML escape the message.
+     * - Convert `bool` into `<code>bool</code>`
+     * - Convert newlines into `<br />`
+     *
+     * @param string $message The string message to format.
+     * @return string Formatted message.
+     */
+    public static function formatHtmlMessage(string $message): string
+    {
+        $message = h($message);
+        $message = preg_replace_callback('/`([^`]+)`/', function ($matches) {
+            return '<code>' . $matches[1] . '</code>';
+        }, $message);
+        $message = nl2br($message);
+
+        return $message;
+    }
+
     /**
      * Verifies that the application's salt and cipher seed value has been changed from the default value.
      *

diff --git a/templates/layout/dev_error.php b/templates/layout/dev_error.php
@@ -12,14 +12,15 @@
  * @since         3.0.0
  * @license       https://opensource.org/licenses/mit-license.php MIT License
  */
+use Cake\Error\Debugger;
 ?>
 <!DOCTYPE html>
 <html>
 <head>
     <?= $this->Html->charset() ?>
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>
-        Error: <?= h($this->fetch('title')) ?>
+        Error: <?= Debugger::formatHtmlMessage($this->fetch('title')) ?>
     </title>
     <?= $this->Html->meta('icon') ?>
     <style>

diff --git a/tests/TestCase/Error/DebuggerTest.php b/tests/TestCase/Error/DebuggerTest.php
@@ -825,4 +825,24 @@ public function testPrintVar()
         $expected = sprintf($expected, str_replace(CAKE_CORE_INCLUDE_PATH, '', __FILE__), __LINE__ - 9);
         $this->assertEquals($expected, $result);
     }
+
+    /**
+     * test formatHtmlMessage
+     *
+     * @return void
+     */
+    public function formatHtmlMessage()
+    {
+        $output = Debugger::formatHtmlMessage('Some `code` to `replace`');
+        $this->assertSame('Some <code>code</code> to <code>replace</code>', $output);
+
+        $output = Debugger::formatHtmlMessage('Some `co\nde` to `replace`\nmore');
+        $this->assertSame('Some <code>co<br>de</code> to <code>replace</code><br>more', $output);
+
+        $output = Debugger::formatHtmlMessage('Some `code` to <script>alert("test")</script>\nmore');
+        $this->assertSame(
+            'Some <code>co<br>de</code> to &lt;script&gt;alert(&quot;test&quot;&lt;/script&gt;<br>more',
+            $output
+        );
+    }
 }