
Add missing HTML encoding to templates.

These templates were missing encoding and we were notified by Nancer
via the responsible disclosure process.
markstory committed May 20, 2018
1 parent da27675 commit 961b0e6cd713ce20c56c340f424495fbd99656b2
Showing with 9 additions and 9 deletions.
  1. +4 −4 src/Template/Error/duplicate_named_route.ctp
  2. +5 −5 src/Template/Error/missing_route.ctp
@@ -25,7 +25,7 @@ $attributes = $error->getAttributes();
$this->start('subheading');
?>
<strong>Error: </strong>
<?= $error->getMessage(); ?>
<?= h($error->getMessage()); ?>
<?php $this->end() ?>

<?php $this->start('file') ?>
@@ -50,9 +50,9 @@ Remove duplicate route names in your route configuration.</p>
echo '<tr>';
printf(
'<td width="25%%">%s</td><td>%s</td><td width="20%%">%s</td>',
$other->template,
Debugger::exportVar($other->defaults),
Debugger::exportVar($other->options)
h($other->template),
h(Debugger::exportVar($other->defaults)),
h(Debugger::exportVar($other->options))
);
echo '</tr>';
?>
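Review bot: The commit adds no regression test that pins the escaping it introduces, so a later refactor of this `printf` (or of `Debugger::exportVar()`) could silently reintroduce the unescaped output; a test that renders the template with a route whose `template`, `defaults` or `options` contain `<script>` and asserts the markup contains `&lt;script&gt;` would lock the fix in. The three arguments are escaped once, after `exportVar()`, which presumably returns plain text rather than HTML — if that helper ever starts encoding its own output, these cells would be double-encoded, so a short comment above the `printf` such as `// exportVar() returns unescaped text; h() escapes it once for the table cell.` would make the layering explicit. The `foreach` that wraps this `printf` begins outside the hunk. The same point applies to the matching hunk in missing_route.ctp.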
@@ -26,7 +26,7 @@ $attributes = $error->getAttributes();
$this->start('subheading');
?>
<strong>Error: </strong>
<?= $error->getMessage(); ?>
<?= h($error->getMessage()); ?>
<?php $this->end() ?>

<?php $this->start('file') ?>
@@ -36,7 +36,7 @@ Add a matching route to <?= 'config' . DIRECTORY_SEPARATOR . 'routes.php' ?></p>
<?php if (!empty($attributes['context'])): ?>
<p>The passed context was:</p>
<pre>
<?= Debugger::exportVar($attributes['context']); ?>
<?= h(Debugger::exportVar($attributes['context'])); ?>
</pre>
<?php endif; ?>

@@ -48,9 +48,9 @@ foreach (Router::routes() as $route):
echo '<tr>';
printf(
'<td width="25%%">%s</td><td>%s</td><td width="20%%">%s</td>',
$route->template,
Debugger::exportVar($route->defaults),
Debugger::exportVar($route->options)
h($route->template),
h(Debugger::exportVar($route->defaults)),
h(Debugger::exportVar($route->options))
);
echo '</tr>';
endforeach;
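Review bot: The `$attributes['context']` block is the part of this template most likely to carry request-derived data (it is rendered when no route matched the incoming request), so it deserves a comment saying why escaping is mandatory there, e.g. `<?php // context is built from the current request; always escape before output ?>` above the `<pre>`. The `!empty()` guard on the line before means an empty-string or `'0'` context is skipped rather than displayed, which looks intentional but is worth confirming. As a point of style, the short-echo lines keep a trailing semicolon before `?>` (`<?= h($error->getMessage()); ?>`) while `<?php $this->end() ?>` omits it; dropping the semicolons would match the rest of the file. The `foreach` over `Router::routes()` begins outside the last hunk.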
