Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit eb1e3c3

Browse filesBrowse files
fabpotfabpot
committed
minor #11851 [HttpKernel] Escape SSI virtual in generated response (Jérémy Derussé)
This PR was merged into the 2.6-dev branch. Discussion ---------- [HttpKernel] Escape SSI virtual in generated response | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | NA If a template with an `<!--#inlude -->` tag is configured with an "virtual" containing a `'` ; the HttpCache will generate invalide php code. See #11845 for the same issue on `<esi>` tags Commits ------- b50a434 Fix CS 1862427 Escape SSI virtual in generated response
2 parents 43b10bc + b50a434 commit eb1e3c3
Copy full SHA for eb1e3c3

File tree

Expand file treeCollapse file tree

2 files changed

+8
-5
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+8
-5
lines changed

‎src/Symfony/Component/HttpKernel/HttpCache/Ssi.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/HttpCache/Ssi.php
+3-5Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ public function addSurrogateCapability(Request $request)
7171
$current = $request->headers->get('Surrogate-Capability');
7272
$new = 'symfony2="SSI/1.0"';
7373

74-
$request->headers->set('Surrogate-Capability', $current ? $current . ', ' . $new : $new);
74+
$request->headers->set('Surrogate-Capability', $current ? $current.', '.$new : $new);
7575
}
7676

7777
/**
@@ -188,10 +188,8 @@ private function handleIncludeTag($attributes)
188188
throw new \RuntimeException('Unable to process an SSI tag without a "virtual" attribute.');
189189
}
190190

191-
return sprintf('<?php echo $this->surrogate->handle($this, \'%s\', \'%s\', %s) ?>' . "\n",
192-
$options['virtual'],
193-
'',
194-
'false'
191+
return sprintf('<?php echo $this->surrogate->handle($this, %s, \'\', false) ?>'."\n",
192+
var_export($options['virtual'], true)
195193
);
196194
}
197195
}

‎src/Symfony/Component/HttpKernel/Tests/HttpCache/SsiTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/HttpCache/SsiTest.php
+5Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,11 @@ public function testProcess()
101101

102102
$this->assertEquals('foo <?php echo $this->surrogate->handle($this, \'...\', \'\', false) ?>'."\n", $response->getContent());
103103
$this->assertEquals('SSI', $response->headers->get('x-body-eval'));
104+
105+
$response = new Response('foo <!--#include virtual="foo\'" -->');
106+
$ssi->process($request, $response);
107+
108+
$this->assertEquals("foo <?php echo \$this->surrogate->handle(\$this, 'foo\\'', '', false) ?>"."\n", $response->getContent());
104109
}
105110

106111
public function testProcessEscapesPhpTags()

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.