bug #22154 [WebProfilerBundle] Normalize whitespace in exceptions passed in headers (curry684)

This PR was merged into the 2.7 branch.

Discussion
----------

[WebProfilerBundle] Normalize whitespace in exceptions passed in headers

| Q             | A
| ------------- | ---
| Branch?       | 2.7 upwards
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #22072
| License       | MIT

If an exception was thrown with line separators in its message the WebProfiler would cause an exception by passing it through unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing all whitespace sequences with a single space in the header.

Commits
-------

d646790 [WebProfilerBundle] Normalize whitespace in exceptions passed in headers
fabpot committed Mar 29, 2017
2 parents dd37126 + d646790 commit 9466237db0fbad314994d011e4e0126ed0045ea2
@@ -68,7 +68,7 @@ public function onKernelResponse(FilterResponseEvent $event)
$this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')), UrlGeneratorInterface::ABSOLUTE_URL)
);
} catch (\Exception $e) {
- $response->headers->set('X-Debug-Error', get_class($e).': '.$e->getMessage());
+ $response->headers->set('X-Debug-Error', get_class($e).': '.preg_replace('/\s+/', ' ', $e->getMessage()));
}
}
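Review bot: on the `+` line in the `catch` block, `/\s+/` collapses CR, LF and tabs but leaves every other control byte in `$e->getMessage()` untouched, so the `X-Debug-Error` value is still built from otherwise unfiltered exception text. Consider extending the pattern to cover control characters as well, for example `/[\s\x00-\x1F\x7F]+/`, and add a one-line comment stating that the normalization exists because the message is written into a response header, so a later refactor does not drop it.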
@@ -245,6 +245,27 @@ public function testThrowingUrlGenerator()
$this->assertEquals('Exception: foo', $response->headers->get('X-Debug-Error'));
}
+ public function testThrowingErrorCleanup()
+ {
+ $response = new Response();
+ $response->headers->set('X-Debug-Token', 'xxxxxxxx');
+
+ $urlGenerator = $this->getUrlGeneratorMock();
+ $urlGenerator
+ ->expects($this->once())
+ ->method('generate')
+ ->with('_profiler', array('token' => 'xxxxxxxx'))
+ ->will($this->throwException(new \Exception("This\nmultiline\r\ntabbed text should\tcome out\r on\n \ta single plain\r\nline")))
+ ;
+
+ $event = new FilterResponseEvent($this->getKernelMock(), $this->getRequestMock(), HttpKernelInterface::MASTER_REQUEST, $response);
+
+ $listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, 'bottom', $urlGenerator);
+ $listener->onKernelResponse($event);
+
+ $this->assertEquals('Exception: This multiline tabbed text should come out on a single plain line', $response->headers->get('X-Debug-Error'));
+ }
+
protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
{
$request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->setMethods(array('getSession', 'isXmlHttpRequest', 'getRequestFormat'))->disableOriginalConstructor()->getMock();
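Review bot: the message passed to `throwException` in `testThrowingErrorCleanup` has whitespace only between words, so nothing pins down the result when the exception message begins or ends with a line break; with `preg_replace('/\s+/', ' ', ...)` from the listener hunk that case leaves a leading or trailing space in the header value. Add a second message such as `"\nfoo\r\n"` with its expected header, and decide there whether the listener should also `trim` the result.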
