minor #32369 [ErrorCatcher] Fixed some escaping in error renderers (j…

…aviereguiluz)

This PR was merged into the 4.4 branch.

Discussion
----------

[ErrorCatcher] Fixed some escaping in error renderers

| Q             | A
| ------------- | ---
| Branch?       | 4.4
| Bug fix?      | yes
| New feature?  | no <!-- please update src/**/CHANGELOG.md files -->
| BC breaks?    | no     <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- please update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass?   | yes    <!-- please add some, will be required by reviewers -->
| Fixed tickets | -
| License       | MIT
| Doc PR        | not needed

Fixes this: https://github.com/symfony/symfony/pull/32364/files#r300394620

Commits
-------

1413bdc [ErrorCatcher] Fixed some escaping in XML errors
yceruto committed Jul 4, 2019
2 parents 2f6c7c5 + 1413bdc commit 08aa16f729acfc7307f2d4a1b25f822d2728acbf
@@ -55,14 +55,16 @@ public function render(FlattenException $exception): string
{
$css = $this->getStylesheet();
$body = $this->getBody($exception);
$charset = $this->escapeHtml($this->charset);
$title = $this->escapeHtml($exception->getTitle());
return <<<EOF
<!DOCTYPE html>
<html>
<head>
<meta charset="{$this->charset}" />
<meta charset="{$charset}" />
<meta name="robots" content="noindex,nofollow,noarchive" />
<title>{$exception->getTitle()}</title>
<title>{$title}</title>
<style>$css</style>
</head>
<body>
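Review bot: `$charset` is interpolated inside a double-quoted attribute in `<meta charset="{$charset}" />`, so escapeHtml() must encode double quotes as well as `<`, `>` and `&`. Its body is not part of this diff; please confirm that it does, or point to the test that covers an attribute-context value. A charset is also a good candidate for validation against the set of encodings the renderer supports, which would make the escaping a second line of defence rather than the only one.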
@@ -94,11 +96,14 @@ public function setFileLinkFormat($fileLinkFormat)
*/
public function getBody(FlattenException $exception)
{
$statusCode = $this->escapeHtml($exception->getStatusCode());
$title = $this->escapeHtml($exception->getTitle());
if (!$this->debug) {
return <<<EOF
<div class="container">
<h1>Oops! An Error Occurred</h1>
<h2>The server returned a "{$exception->getStatusCode()} {$exception->getTitle()}".</h2>
<h2>The server returned a "{$statusCode} {$title}".</h2>
<p>
Something is broken. Please let us know what you were doing when this error occurred.
We will fix it as soon as possible. Sorry for any inconvenience caused.
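Review bot: none of the hunks shown touch a test, so the escaped `<h2>The server returned a "{$statusCode} {$title}".</h2>` line in getBody() has no regression coverage here. Please add a renderer test that passes a FlattenException whose title contains markup characters and asserts that the non-debug output carries them entity-encoded. Separately, `$statusCode` and `$title` are assigned above `if (!$this->debug)`; if the debug branch does not use them, move both assignments inside the branch.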
@@ -40,7 +40,10 @@ public static function getFormat(): string
*/
public function render(FlattenException $exception): string
{
$title = $this->escapeXml($exception->getTitle());
$message = $this->escapeXml($exception->getMessage());
$statusCode = $this->escapeXml($exception->getStatusCode());
$charset = $this->escapeXml($this->charset);
$exceptions = '';
if ($this->debug) {
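Review bot: in `$statusCode = $this->escapeXml($exception->getStatusCode());` a status code is run through a string escaper, which hides the real constraint that it should be numeric. Casting it, for example `(int) $exception->getStatusCode()`, states the intent directly and avoids handing a non-string to escapeXml() if that helper is typed for strings. The same applies to the matching escapeHtml() call in the HTML renderer.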
@@ -63,10 +66,10 @@ public function render(FlattenException $exception): string
}
return <<<EOF
<?xml version="1.0" encoding="{$this->charset}" ?>
<?xml version="1.0" encoding="{$charset}" ?>
<problem xmlns="urn:ietf:rfc:7807">
<title>{$exception->getTitle()}</title>
<status>{$exception->getStatusCode()}</status>
<title>{$title}</title>
<status>{$statusCode}</status>
<detail>{$message}</detail>
{$exceptions}
</problem>
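Review bot: entity-escaping `$charset` for `<?xml version="1.0" encoding="{$charset}" ?>` stops a value from breaking out of the quotes, but entity references are not recognised inside the XML declaration, and the encoding name is restricted to ASCII letters, digits, `.`, `_` and `-`. A charset that needed escaping would therefore still yield a malformed document, so validate it against that pattern (or a list of supported encodings) and fall back to a default instead. Also, `{$exceptions}` is interpolated raw in this heredoc; the code that builds it is outside the visible lines, so please confirm every value placed in it goes through escapeXml().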
