
Commit 1242e48

committed
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
If an exception was thrown with line separators in its message, the WebProfiler would cause an exception by passing it through unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing each whitespace sequence with a single space in the header.
1 parent fb56bcc commit 1242e48

2 files changed

+22
-1
lines changed

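--- a/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
@@ -71,7 +71,7 @@ public function onKernelResponse(FilterResponseEvent $event)
 $this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')), UrlGeneratorInterface::ABSOLUTE_URL)
 );
 } catch (\Exception $e) {
-$response->headers->set('X-Debug-Error', get_class($e).': '.$e->getMessage());
+$response->headers->set('X-Debug-Error', get_class($e).': '.preg_replace('/\s+/', ' ', $e->getMessage()));
 }
 }
 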
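Review bot: The replacement in the `catch` branch removes only what `\s` matches, so a message containing NUL or another non-whitespace control byte still reaches `X-Debug-Error` unchanged, and the header layer may well reject it the same way it rejected line breaks. CR/LF in a header value is also the classic header-injection primitive, and exception messages can echo request-derived data, so this cleanup is better treated as a security boundary than as formatting. I would widen the class to `preg_replace('/[\s\x00-\x1F\x7F]+/', ' ', $e->getMessage())`, which still produces the string asserted by the new `testThrowingErrorCleanup` case, and extend that test's fixture with a control byte. The message length also stays unbounded, so consider truncating it before it is set as a header. `onKernelResponse` begins outside the hunk.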

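--- a/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
@@ -246,6 +246,27 @@ public function testThrowingUrlGenerator()
 $this->assertEquals('Exception: foo', $response->headers->get('X-Debug-Error'));
 }
 
+public function testThrowingErrorCleanup()
+{
+$response = new Response();
+$response->headers->set('X-Debug-Token', 'xxxxxxxx');
+
+$urlGenerator = $this->getUrlGeneratorMock();
+$urlGenerator
+->expects($this->once())
+->method('generate')
+->with('_profiler', array('token' => 'xxxxxxxx'))
+->will($this->throwException(new \Exception("This\nmultiline\r\ntabbed text should\tcome out\r on\n \ta single plain\r\nline")))
+;
+
+$event = new FilterResponseEvent($this->getKernelMock(), $this->getRequestMock(), HttpKernelInterface::MASTER_REQUEST, $response);
+
+$listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, 'bottom', $urlGenerator);
+$listener->onKernelResponse($event);
+
+$this->assertEquals('Exception: This multiline tabbed text should come out on a single plain line', $response->headers->get('X-Debug-Error'));
+}
+
 protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
 {
 $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->setMethods(array('getSession', 'isXmlHttpRequest', 'getRequestFormat'))->disableOriginalConstructor()->getMock();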
