adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2025-01-31 09:06:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add missing html escaping.

Browse source 
This should have been here the whole time. Many of these variables could
contain user input.
This commit is contained in:
mark_story 2013-05-09 23:12:07 -04:00
parent a49c69acc4
commit f745a02210
13 changed files with 30 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/Cake/View/Errors/missing_action.ctp
View file

@ -17,20 +17,20 @@
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
*/
?>
<h2><?php echo __d('cake_dev', 'Missing Method in %s', $controller); ?></h2> <p class="error">
<h2><?php echo __d('cake_dev', 'Missing Method in %s', h($controller)); ?></h2> <p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'The action %1$s is not defined in controller %2$s', '<em>' . $action . '</em>', '<em>' . $controller . '</em>'); ?>
<?php echo __d('cake_dev', 'The action %1$s is not defined in controller %2$s', '<em>' . h($action) . '</em>', '<em>' . h($controller) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Create %1$s%2$s in file: %3$s.', '<em>' . $controller . '::</em>', '<em>' . $action . '()</em>', APP_DIR . DS . 'Controller' . DS . $controller . '.php'); ?>
<?php echo __d('cake_dev', 'Create %1$s%2$s in file: %3$s.', '<em>' . h($controller) . '::</em>', '<em>' . h($action) . '()</em>', APP_DIR . DS . 'Controller' . DS . h($controller) . '.php'); ?>
</p>
<pre>
&lt;?php
class <?php echo $controller; ?> extends AppController {
class <?php echo h($controller); ?> extends AppController {
<strong>
public function <?php echo $action; ?>() {
public function <?php echo h($action); ?>() {
}
</strong>

6
lib/Cake/View/Errors/missing_behavior.ctp
View file

@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Behavior'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
<?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Model' . DS . 'Behavior' . DS . $class . '.php'); ?>
<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Model' . DS . 'Behavior' . DS . h($class) . '.php'); ?>
</p>
<pre>
&lt;?php
class <?php echo $class; ?> extends ModelBehavior {
class <?php echo h($class); ?> extends ModelBehavior {
}
</pre>

6
lib/Cake/View/Errors/missing_component.ctp
View file

@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Component'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
<?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR : CakePlugin::path($plugin)) . DS . 'Controller' . DS . 'Component' . DS . $class . '.php'); ?>
<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR : CakePlugin::path($plugin)) . DS . 'Controller' . DS . 'Component' . DS . h($class) . '.php'); ?>
</p>
<pre>
&lt;?php
class <?php echo $class; ?> extends Component {
class <?php echo h($class); ?> extends Component {
}
</pre>

6
lib/Cake/View/Errors/missing_connection.ctp
View file

@ -20,18 +20,18 @@
<h2><?php echo __d('cake_dev', 'Missing Database Connection'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'A Database connection using "%s" was missing or unable to connect. ', $class); ?>
<?php echo __d('cake_dev', 'A Database connection using "%s" was missing or unable to connect. ', h($class)); ?>
<br />
<?php
if (isset($message)):
echo __d('cake_dev', 'The database server returned this error: %s', $message);
echo __d('cake_dev', 'The database server returned this error: %s', h($message));
endif;
?>
</p>
<?php if (!$enabled) : ?>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', '%s driver is NOT enabled', $class); ?>
<?php echo __d('cake_dev', '%s driver is NOT enabled', h($class)); ?>
</p>
<?php endif; ?>
<p class="notice">

6
lib/Cake/View/Errors/missing_controller.ctp
View file

@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Controller'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
<?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Controller' . DS . $class . '.php'); ?>
<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'Controller' . DS . h($class) . '.php'); ?>
</p>
<pre>
&lt;?php
class <?php echo $class . ' extends ' . $plugin; ?>AppController {
class <?php echo h($class . ' extends ' . $plugin); ?>AppController {
}
</pre>

2
lib/Cake/View/Errors/missing_datasource.ctp
View file

@ -21,7 +21,7 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Datasource'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Datasource class %s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
<?php echo __d('cake_dev', 'Datasource class %s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
<?php if (isset($message)): ?>
<?php echo h($message); ?>
<?php endif; ?>

2
lib/Cake/View/Errors/missing_datasource_config.ctp
View file

@ -20,7 +20,7 @@
<h2><?php echo __d('cake_dev', 'Missing Datasource Configuration'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'The datasource configuration %1$s was not found in database.php.', '<em>' . $config . '</em>'); ?>
<?php echo __d('cake_dev', 'The datasource configuration %1$s was not found in database.php.', '<em>' . h($config) . '</em>'); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>

6
lib/Cake/View/Errors/missing_helper.ctp
View file

@ -21,15 +21,15 @@ $pluginDot = empty($plugin) ? null : $plugin . '.';
<h2><?php echo __d('cake_dev', 'Missing Helper'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', '%s could not be found.', '<em>' . $pluginDot . $class . '</em>'); ?>
<?php echo __d('cake_dev', '%s could not be found.', '<em>' . h($pluginDot . $class) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . $class . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'View' . DS . 'Helper' . DS . $class . '.php'); ?>
<?php echo __d('cake_dev', 'Create the class %s below in file: %s', '<em>' . h($class) . '</em>', (empty($plugin) ? APP_DIR . DS : CakePlugin::path($plugin)) . 'View' . DS . 'Helper' . DS . h($class) . '.php'); ?>
</p>
<pre>
&lt;?php
class <?php echo $class; ?> extends AppHelper {
class <?php echo h($class); ?> extends AppHelper {
}
</pre>

4
lib/Cake/View/Errors/missing_layout.ctp
View file

@ -20,11 +20,11 @@
<h2><?php echo __d('cake_dev', 'Missing Layout'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'The layout file %s can not be found or does not exist.', '<em>' . $file . '</em>'); ?>
<?php echo __d('cake_dev', 'The layout file %s can not be found or does not exist.', '<em>' . h($file) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Confirm you have created the file: %s', '<em>' . $file . '</em>'); ?>
<?php echo __d('cake_dev', 'Confirm you have created the file: %s', '<em>' . h($file) . '</em>'); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>

4
lib/Cake/View/Errors/missing_plugin.ctp
View file

@ -20,7 +20,7 @@
<h2><?php echo __d('cake_dev', 'Missing Plugin'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'The application is trying to load a file from the %s plugin', '<em>' . $plugin . '</em>'); ?>
<?php echo __d('cake_dev', 'The application is trying to load a file from the %s plugin', '<em>' . h($plugin) . '</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
@ -28,7 +28,7 @@
</p>
<pre>
&lt;?php
CakePlugin::load('<?php echo $plugin?>');
CakePlugin::load('<?php echo h($plugin); ?>');
</pre>
<p class="notice">

2
lib/Cake/View/Errors/missing_table.ctp
View file

@ -20,7 +20,7 @@
<h2><?php echo __d('cake_dev', 'Missing Database Table'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Table %1$s for model %2$s was not found in datasource %3$s.', '<em>' . $table . '</em>', '<em>' . $class . '</em>', '<em>' . $ds . '</em>'); ?>
<?php echo __d('cake_dev', 'Table %1$s for model %2$s was not found in datasource %3$s.', '<em>' . h($table) . '</em>', '<em>' . h($class) . '</em>', '<em>' . h($ds) . '</em>'); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>

4
lib/Cake/View/Errors/missing_view.ctp
View file

@ -20,11 +20,11 @@
<h2><?php echo __d('cake_dev', 'Missing View'); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'The view for %1$s%2$s was not found.', '<em>' . Inflector::camelize($this->request->controller) . 'Controller::</em>', '<em>' . $this->request->action . '()</em>'); ?>
<?php echo __d('cake_dev', 'The view for %1$s%2$s was not found.', '<em>' . h(Inflector::camelize($this->request->controller)) . 'Controller::</em>', '<em>' . h($this->request->action) . '()</em>'); ?>
</p>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', 'Confirm you have created the file: %s', $file); ?>
<?php echo __d('cake_dev', 'Confirm you have created the file: %s', h($file)); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>

2
lib/Cake/View/Errors/private_action.ctp
View file

@ -20,7 +20,7 @@
<h2><?php echo __d('cake_dev', 'Private Method in %s', $controller); ?></h2>
<p class="error">
<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
<?php echo __d('cake_dev', '%s%s cannot be accessed directly.', '<em>' . $controller . '::</em>', '<em>' . $action . '()</em>'); ?>
<?php echo __d('cake_dev', '%s%s cannot be accessed directly.', '<em>' . h($controller) . '::</em>', '<em>' . h($action) . '()</em>'); ?>
</p>
<p class="notice">
<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>