
Add missing html escaping.

This should have been here the whole time. Many of these variables could
contain user input.
markstory committed May 10, 2013
1 parent a49c69a commit f745a02210a22a465222205ea50b3bcbd60dc566
@@ -17,20 +17,20 @@
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
?>
-<h2><?php echo __d('cake_dev', 'Missing Method in %s', $controller); ?></h2> <p class="error">
+<h2><?php echo __d('cake_dev', 'Missing Method in %s', h($controller)); ?></h2> <p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'The action %1$s is not defined in controller %2$s', '<em>' . $action . '</em>', '<em>' . $controller . '</em>'); ?>
+ <?php echo __d('cake_dev', 'The action %1$s is not defined in controller %2$s', '<em>' . h($action) . '</em>', '<em>' . h($controller) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'Create %1$s%2$s in file: %3$s.', '<em>' . $controller . '::</em>', '<em>' . $action . '()</em>', APP_DIR . DS . 'Controller' . DS . $controller . '.php'); ?>
+ <?php echo __d('cake_dev', 'Create %1$s%2$s in file: %3$s.', '<em>' . h($controller) . '::</em>', '<em>' . h($action) . '()</em>', APP_DIR . DS . 'Controller' . DS . h($controller) . '.php'); ?>
</p>
<pre>
&lt;?php
-class <?php echo $controller; ?> extends AppController {
+class <?php echo h($controller); ?> extends AppController {
<strong>
- public function <?php echo $action; ?>() {
+ public function <?php echo h($action); ?>() {
}
</strong>
@@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Behavior'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+ <?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Model' . DS . 'Behavior' . DS . $class . '.php'); ?>
+ <?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Model' . DS . 'Behavior' . DS . h($class) . '.php'); ?>
</p>
<pre>
&lt;?php
-class <?php echo $class; ?> extends ModelBehavior {
+class <?php echo h($class); ?> extends ModelBehavior {
}
</pre>
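Review bot: The file-path argument on the new `Create the class %s below in file: %s` line escapes only the `$class` fragment, so the `CakePlugin::path($plugin)` prefix of the same string reaches the page unescaped. That prefix comes from the loaded plugin's configured path rather than the request, so the exposure looks low, but escaping individual pieces of a concatenation is harder to audit than escaping the finished string. Wrapping the whole expression once, `h((empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Model' . DS . 'Behavior' . DS . $class . '.php')`, covers every segment and reads the same. The same pattern appears in the Missing Component, Missing Controller and Missing Helper hunks.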
@@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Component'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+ <?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR : CakePlugin::path($plugin)) . DS . 'Controller' . DS . 'Component' . DS . $class . '.php'); ?>
+ <?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR : CakePlugin::path($plugin)) . DS . 'Controller' . DS . 'Component' . DS . h($class) . '.php'); ?>
</p>
<pre>
&lt;?php
-class <?php echo $class; ?> extends Component {
+class <?php echo h($class); ?> extends Component {
}
</pre>
@@ -20,18 +20,18 @@
<h2><?php echo __d('cake_dev', 'Missing Database Connection'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'A Database connection using "%s" was missing or unable to connect. ', $class); ?>
+ <?php echo __d('cake_dev', 'A Database connection using "%s" was missing or unable to connect. ', h($class)); ?>
<br />
<?php
if (isset($message)):
- echo __d('cake_dev', 'The database server returned this error: %s', $message);
+ echo __d('cake_dev', 'The database server returned this error: %s', h($message));
endif;
?>
</p>
<?php if (!$enabled) : ?>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', '%s driver is NOT enabled', $class); ?>
+ <?php echo __d('cake_dev', '%s driver is NOT enabled', h($class)); ?>
</p>
<?php endif; ?>
<p class="notice">
@@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Controller'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+ <?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Controller' . DS . $class . '.php'); ?>
+ <?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Controller' . DS . h($class) . '.php'); ?>
</p>
<pre>
&lt;?php
-class <?php echo $class . ' extends ' . $plugin; ?>AppController {
+class <?php echo h($class . ' extends ' . $plugin); ?>AppController {
}
</pre>
@@ -21,7 +21,7 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Datasource'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'Datasource class %s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+ <?php echo __d('cake_dev', 'Datasource class %s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
<?php if (isset($message)): ?>
<?php echo h($message); ?>
<?php endif; ?>
@@ -20,7 +20,7 @@
<h2><?php echo __d('cake_dev', 'Missing Datasource Configuration'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'The datasource configuration %1$s was not found in database.php.', '<em>' . $config . '</em>'); ?>
+ <?php echo __d('cake_dev', 'The datasource configuration %1$s was not found in database.php.', '<em>' . h($config) . '</em>'); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>
@@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Helper'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
+ <?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'View' . DS . 'Helper' . DS . $class . '.php'); ?>
+ <?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'View' . DS . 'Helper' . DS . h($class) . '.php'); ?>
</p>
<pre>
&lt;?php
-class <?php echo $class; ?> extends AppHelper {
+class <?php echo h($class); ?> extends AppHelper {
}
</pre>
@@ -20,11 +20,11 @@
<h2><?php echo __d('cake_dev', 'Missing Layout'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'The layout file %s can not be found or does not exist.', '<em>' . $file . '</em>'); ?>
+ <?php echo __d('cake_dev', 'The layout file %s can not be found or does not exist.', '<em>' . h($file) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'Confirm you have created the file: %s', '<em>' . $file . '</em>'); ?>
+ <?php echo __d('cake_dev', 'Confirm you have created the file: %s', '<em>' . h($file) . '</em>'); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>
@@ -20,15 +20,15 @@
<h2><?php echo __d('cake_dev', 'Missing Plugin'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'The application is trying to load a file from the %s plugin', '<em>' . $plugin . '</em>'); ?>
+ <?php echo __d('cake_dev', 'The application is trying to load a file from the %s plugin', '<em>' . h($plugin) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Make sure your plugin %s is in the ' . APP_DIR . DS . 'Plugin directory and was loaded', $plugin); ?>
</p>
<pre>
&lt;?php
-CakePlugin::load('<?php echo $plugin?>');
+CakePlugin::load('<?php echo h($plugin); ?>');
</pre>
<p class="notice">
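Review bot: The context line `<?php echo __d('cake_dev', 'Make sure your plugin %s is in the ' . APP_DIR . DS . 'Plugin directory and was loaded', $plugin); ?>` still passes `$plugin` unescaped, even though the same variable is now wrapped in `h()` in the paragraph above and in the `<pre>` block below. Given the commit message's premise that these values may carry user input, this line should get the same treatment: `$plugin` → `h($plugin)` as the final argument.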
@@ -20,7 +20,7 @@
<h2><?php echo __d('cake_dev', 'Missing Database Table'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'Table %1$s for model %2$s was not found in datasource %3$s.', '<em>' . $table . '</em>', '<em>' . $class . '</em>', '<em>' . $ds . '</em>'); ?>
+ <?php echo __d('cake_dev', 'Table %1$s for model %2$s was not found in datasource %3$s.', '<em>' . h($table) . '</em>', '<em>' . h($class) . '</em>', '<em>' . h($ds) . '</em>'); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>
@@ -20,11 +20,11 @@
<h2><?php echo __d('cake_dev', 'Missing View'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'The view for %1$s%2$s was not found.', '<em>' . Inflector::camelize($this->request->controller) . 'Controller::</em>', '<em>' . $this->request->action . '()</em>'); ?>
+ <?php echo __d('cake_dev', 'The view for %1$s%2$s was not found.', '<em>' . h(Inflector::camelize($this->request->controller)) . 'Controller::</em>', '<em>' . h($this->request->action) . '()</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', 'Confirm you have created the file: %s', $file); ?>
+ <?php echo __d('cake_dev', 'Confirm you have created the file: %s', h($file)); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>
@@ -20,7 +20,7 @@
<h2><?php echo __d('cake_dev', 'Private Method in %s', $controller); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
- <?php echo __d('cake_dev', '%s%s cannot be accessed directly.', '<em>' . $controller . '::</em>', '<em>' . $action . '()</em>'); ?>
+ <?php echo __d('cake_dev', '%s%s cannot be accessed directly.', '<em>' . h($controller) . '::</em>', '<em>' . h($action) . '()</em>'); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>
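Review bot: The heading on the context line `<h2><?php echo __d('cake_dev', 'Private Method in %s', $controller); ?></h2>` still interpolates `$controller` unescaped, while the paragraph directly below now escapes the same value. The equivalent heading in the Missing Method hunk was changed to `h($controller)` in this commit, so this one looks like an oversight; the fix is `<h2><?php echo __d('cake_dev', 'Private Method in %s', h($controller)); ?></h2>`.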
