Fixing issue in error handler, where URL was not escaped with debug == 0.

Tests added. git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@8028 3807eeeb-6ff5-0310-8944-8be069107fe0
2025-01-19 02:56:15 +00:00 · 2009-02-13 14:56:00 +00:00 · 2009-02-13 14:56:00 +00:00 · fdd6ad856e
commit fdd6ad856e
parent 2a36e5f8cd
2 changed files with 14 additions and 2 deletions
--- a/cake/libs/error.php
+++ b/cake/libs/error.php
@ -151,7 +151,7 @@ class ErrorHandler extends Object {
 		$this->controller->set(array(
 			'code' => '404',
 			'name' => __('Not Found', true),
-			'message' => $url,
+			'message' => h($url),
 			'base' => $this->controller->base
 		));
 		$this->_outputMessage('error404');
--- a/cake/tests/cases/libs/error.test.php
+++ b/cake/tests/cases/libs/error.test.php
@ -258,7 +258,19 @@ class TestErrorHandlerTest extends CakeTestCase {
 		$TestErrorHandler = new TestErrorHandler('error404', array('message' => 'Page not found', 'url' => '/test_error'));
 		$result = ob_get_clean();
 		$this->assertPattern('/<h2>Not Found<\/h2>/', $result);
-		$this->assertPattern("/<strong>'\/test_error'<\/strong>/", $result);
+	 	$this->assertPattern("/<strong>'\/test_error'<\/strong>/", $result);
+	
+		ob_start();
+		$TestErrorHandler =& new TestErrorHandler('error404', array('message' => 'Page not found'));
+		ob_get_clean();
+		ob_start();
+		$TestErrorHandler->error404(array(
+			'url' => 'pages/<span id=333>pink</span></id><script>document.body.style.background = t=document.getElementById(333).innerHTML;window.alert(t);</script>',
+			'message' => 'Page not found'
+		));
+		$result = ob_get_clean();
+		$this->assertNoPattern('#<script>#', $result);
+		$this->assertNoPattern('#</script>#', $result);
 	}
 /**
 * testMissingController method