Merge pull request #9859 from cakephp/debugger-encoding

2.x - Debugger encoding
Mark Story 2016-12-13 19:26:52 -05:00 committed by GitHub
commit 4a4c83c3e9
2 changed files with 19 additions and 0 deletions


@ -155,6 +155,24 @@ class DebuggerTest extends CakeTestCase {
$this->assertContains('$wrong = ''', $result[3], 'Context should be HTML escaped.'); $this->assertContains('$wrong = ''', $result[3], 'Context should be HTML escaped.');
} }
/**
* test encodes error messages
*
* @return void
*/
public function testOutputEncodeDescription() {
set_error_handler('Debugger::showError');
$this->_restoreError = true;
ob_start();
$a = array();
$b = $a['<script>alert(1)</script>'];
$result = ob_get_clean();
$this->assertNotContains('<script>alert(1)', $result);
$this->assertContains('&lt;script&gt;alert(1)', $result);
}
/** /**
* Tests that changes in output formats using Debugger::output() change the templates used. * Tests that changes in output formats using Debugger::output() change the templates used.
* *
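Review bot: testOutputEncodeDescription does not pin the output format, so its two assertions depend on whichever format Debugger has active when the test runs. The escaping under test is applied only for formats whose template sets `escapeContext`, and the next test in this class switches formats through Debugger::output(). Unless setUp (outside this hunk) resets the format, calling `Debugger::outputAs('html');` before `ob_start();` would make the test independent of execution order. A comment such as `// undefined index: the key name ends up in the error description` above the `$b = ...` line would also explain why the read is there.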


@ -774,6 +774,7 @@ class Debugger {
if (!empty($tpl['escapeContext'])) { if (!empty($tpl['escapeContext'])) {
$context = h($context); $context = h($context);
$data['description'] = h($data['description']);
} }
$infoData = compact('code', 'context', 'trace'); $infoData = compact('code', 'context', 'trace');
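Review bot: The new `h($data['description'])` call runs only when the active template sets `escapeContext`, so a format that renders into HTML without that flag would still emit the description raw. The description can carry caller-influenced text (the test in this commit uses an undefined index name), so it needs the same treatment as the context in every HTML-bound format. The format definitions are outside this hunk, so it is worth confirming which of them set the flag. Because the flag now governs more than the context, a comment such as `// escapeContext also covers the description, which may embed user-supplied values` would stop the next reader from assuming only `$context` is escaped. The enclosing method starts and ends outside the hunk.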