adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-09-03 10:02:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix missing Html escaping on string urls for assets.

Browse source 
Add HTML escaping for asset paths provided as strings.
Split existing tests up.

Fixes #2766
This commit is contained in:
mark_story 2012-04-09 21:20:03 -04:00
parent da9cbcf7bb
commit 67743c8079
3 changed files with 37 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lib/Cake/View/Helper.php
View file

@ -270,10 +270,10 @@ class Helper extends Object {
*
* @param string|array Path string or url array
* @param array $options Options array. Possible keys:
* `fullBase` Return full url with domain name
* `pathPrefix` Path prefix for relative urls
* `ext` Asset extension to append
* `plugin` False value will prevent parsing path as a plugin
* `fullBase` Return full url with domain name
* `pathPrefix` Path prefix for relative urls
* `ext` Asset extension to append
* `plugin` False value will prevent parsing path as a plugin
* @return string Generated url
*/
public function assetUrl($path, $options = array()) {
@ -296,7 +296,7 @@ class Helper extends Object {
if (isset($plugin)) {
$path = Inflector::underscore($plugin) . '/' . $path;
}
$path = $this->assetTimestamp($this->webroot($path));
$path = h($this->assetTimestamp($this->webroot($path)));
if (!empty($options['fullBase'])) {
$path = $this->url('/', true) . $path;