
Removed variable escaping in CakeErrorController::beforeRender(). Closes

ADmad committed Aug 4, 2012
1 parent b32273e commit 8931b74ba2c3085c28ffdb8767b1400aeef278d0
@@ -66,18 +66,4 @@ public function __construct($request = null, $response = null) {
$this->_set(array('cacheAction' => false, 'viewPath' => 'Errors'));
}
/**
* Escapes the viewVars.
*
* @return void
*/
public function beforeRender() {
parent::beforeRender();
foreach ($this->viewVars as $key => $value) {
if (!is_object($value)) {
$this->viewVars[$key] = h($value);
}
}
}
}
@@ -184,7 +184,7 @@ protected function _cakeError(CakeException $error) {
$this->controller->set(array(
'code' => $code,
'url' => h($url),
'name' => $error->getMessage(),
'name' => h($error->getMessage()),
'error' => $error,
'_serialize' => array('code', 'url', 'name')
));
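Review bot: Escaping `name` with `h()` at `set()` time ties the value to the HTML context, yet the same key is listed in `_serialize`, so a JSON or XML error response would presumably carry entity-encoded text such as `&lt;`. The same applies to the `error400`, `error500` and `pdoError` hunks below. `'error' => $error` is still passed raw, so any template that reads from it has to escape on its own. If set-time escaping stays, a comment above the array would make the contract visible, for example `// 'name' and 'url' are HTML-escaped here; anything read from $error is raw and must go through h() in the template`. The enclosing method starts outside the hunk.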
@@ -206,7 +206,7 @@ public function error400($error) {
$url = $this->controller->request->here();
$this->controller->response->statusCode($error->getCode());
$this->controller->set(array(
'name' => $message,
'name' => h($message),
'url' => h($url),
'error' => $error,
'_serialize' => array('name', 'url')
@@ -229,7 +229,7 @@ public function error500($error) {
$code = ($error->getCode() > 500 && $error->getCode() < 506) ? $error->getCode() : 500;
$this->controller->response->statusCode($code);
$this->controller->set(array(
'name' => $message,
'name' => h($message),
'message' => h($url),
'error' => $error,
'_serialize' => array('name', 'message')
@@ -250,7 +250,7 @@ public function pdoError(PDOException $error) {
$this->controller->set(array(
'code' => $code,
'url' => h($url),
'name' => $error->getMessage(),
'name' => h($error->getMessage()),
'error' => $error,
'_serialize' => array('code', 'url', 'name', 'error')
));
@@ -770,7 +770,7 @@ public function testPDOException() {
$this->assertContains('<h2>Database Error</h2>', $result);
$this->assertContains('There was an error in the SQL query', $result);
$this->assertContains('SELECT * from poo_query < 5 and :seven', $result);
$this->assertContains(h('SELECT * from poo_query < 5 and :seven'), $result);
$this->assertContains("'seven' => (int) 7", $result);
}
}
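Review bot: The updated assertion covers only the escaped query string; nothing here checks that the message rendered through `$name` is escaped, or that the raw query no longer appears in the output. Adding `$this->assertNotContains('poo_query < 5', $result);` and a case whose exception message contains markup would pin both paths. testPDOException starts outside the hunk, so how the exception is built is not visible here.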
@@ -19,17 +19,17 @@
<h2><?php echo __d('cake_dev', 'Database Error'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo h($error->getMessage()); ?>
<?php echo $name; ?>
</p>
<?php if (!empty($error->queryString)) : ?>
<p class="notice">
<strong><?php echo __d('cake_dev', 'SQL Query'); ?>: </strong>
<?php echo $error->queryString; ?>
<?php echo h($error->queryString); ?>
</p>
<?php endif; ?>
<?php if (!empty($error->params)) : ?>
<strong><?php echo __d('cake_dev', 'SQL Query Params'); ?>: </strong>
<?php echo Debugger::dump($error->params); ?>
<?php echo Debugger::dump($error->params); ?>
<?php endif; ?>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>
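Review bot: `<?php echo $name; ?>` now prints the message with no escaping at the sink and relies on every caller having passed `name` through `h()` first. `$error` is still available in this template, so keeping `<?php echo h($error->getMessage()); ?>` would stay safe when the view is rendered by a custom renderer or with a `name` set elsewhere. It is also not visible here whether `Debugger::dump($error->params)` escapes what it prints. The bound params can hold request data, so that is worth confirming.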
