Removed variable escaping in CakeErrorController::beforeRender(). Closes #3074

2025-01-31 09:06:17 +00:00 · 2012-08-05 02:16:09 +05:30 · 2012-08-05 02:16:09 +05:30 · 8931b74ba2
commit 8931b74ba2
parent b32273e713
4 changed files with 8 additions and 22 deletions
--- a/lib/Cake/Controller/CakeErrorController.php
+++ b/lib/Cake/Controller/CakeErrorController.php
@ -66,18 +66,4 @@ class CakeErrorController extends AppController {
 		$this->_set(array('cacheAction' => false, 'viewPath' => 'Errors'));
 	}

-/**
- * Escapes the viewVars.
- *
- * @return void
- */
-	public function beforeRender() {
-		parent::beforeRender();
-		foreach ($this->viewVars as $key => $value) {
-			if (!is_object($value)) {
-				$this->viewVars[$key] = h($value);
-			}
-		}
-	}
-
 }
--- a/lib/Cake/Error/ExceptionRenderer.php
+++ b/lib/Cake/Error/ExceptionRenderer.php
@ -184,7 +184,7 @@ class ExceptionRenderer {
 		$this->controller->set(array(
 			'code' => $code,
 			'url' => h($url),
-			'name' => $error->getMessage(),
+			'name' => h($error->getMessage()),
 			'error' => $error,
 			'_serialize' => array('code', 'url', 'name')
 		));
@ -206,7 +206,7 @@ class ExceptionRenderer {
 		$url = $this->controller->request->here();
 		$this->controller->response->statusCode($error->getCode());
 		$this->controller->set(array(
-			'name' => $message,
+			'name' => h($message),
 			'url' => h($url),
 			'error' => $error,
 			'_serialize' => array('name', 'url')
@ -229,7 +229,7 @@ class ExceptionRenderer {
 		$code = ($error->getCode() > 500 && $error->getCode() < 506) ? $error->getCode() : 500;
 		$this->controller->response->statusCode($code);
 		$this->controller->set(array(
-			'name' => $message,
+			'name' => h($message),
 			'message' => h($url),
 			'error' => $error,
 			'_serialize' => array('name', 'message')
@ -250,7 +250,7 @@ class ExceptionRenderer {
 		$this->controller->set(array(
 			'code' => $code,
 			'url' => h($url),
-			'name' => $error->getMessage(),
+			'name' => h($error->getMessage()),
 			'error' => $error,
 			'_serialize' => array('code', 'url', 'name', 'error')
 		));
--- a/lib/Cake/Test/Case/Error/ExceptionRendererTest.php
+++ b/lib/Cake/Test/Case/Error/ExceptionRendererTest.php
@ -770,7 +770,7 @@ class ExceptionRendererTest extends CakeTestCase {

 		$this->assertContains('<h2>Database Error</h2>', $result);
 		$this->assertContains('There was an error in the SQL query', $result);
-		$this->assertContains('SELECT * from poo_query < 5 and :seven', $result);
+		$this->assertContains(h('SELECT * from poo_query < 5 and :seven'), $result);
 		$this->assertContains("'seven' => (int) 7", $result);
 	}
 }
--- a/lib/Cake/View/Errors/pdo_error.ctp
+++ b/lib/Cake/View/Errors/pdo_error.ctp
@ -19,17 +19,17 @@
 <h2><?php echo __d('cake_dev', 'Database Error'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo h($error->getMessage()); ?>
+	<?php echo $name; ?>
 </p>
 <?php if (!empty($error->queryString)) : ?>
 	<p class="notice">
 		<strong><?php echo __d('cake_dev', 'SQL Query'); ?>: </strong>
-		<?php echo  $error->queryString; ?>
+		<?php echo h($error->queryString); ?>
 	</p>
 <?php endif; ?>
 <?php if (!empty($error->params)) : ?>
 		<strong><?php echo __d('cake_dev', 'SQL Query Params'); ?>: </strong>
-		<?php echo  Debugger::dump($error->params); ?>
+		<?php echo Debugger::dump($error->params); ?>
 <?php endif; ?>
 <p class="notice">
 	<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>