

Commit d646790

committed
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
If an exception was thrown with line separators in its message, the WebProfiler would itself cause an exception by passing that message unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing every whitespace sequence in the header value with a single space.
1 parent 2238398 commit d646790

2 files changed

+22
-1
lines changed

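--- a/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
@@ -68,7 +68,7 @@ public function onKernelResponse(FilterResponseEvent $event)
 $this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')))
 );
 } catch (\Exception $e) {
-$response->headers->set('X-Debug-Error', get_class($e).': '.$e->getMessage());
+$response->headers->set('X-Debug-Error', get_class($e).': '.preg_replace('/\s+/', ' ', $e->getMessage()));
 }
 }
 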
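Review bot: The replacement on the `X-Debug-Error` line collapses only `\s` runs, so other control bytes in an exception message (NUL, the remaining C0 characters, DEL) and an arbitrarily long message still reach the header value unchanged. Exception messages often embed request-derived data, so the whole message is better treated as untrusted header content, for example `preg_replace('/[\s\x00-\x1F\x7F]+/', ' ', $e->getMessage())`, optionally followed by a length cap. `preg_replace()` can also return null on a PCRE error, which would silently produce an empty message here; a comment such as `// header values must stay on one line: CR/LF in the message would be rejected or split the header` would record why the normalization exists. `onKernelResponse()` starts outside this hunk, so whether this header is only emitted in debug mode is not visible here.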

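--- a/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
@@ -228,6 +228,27 @@ public function testThrowingUrlGenerator()
 $this->assertEquals('Exception: foo', $response->headers->get('X-Debug-Error'));
 }
 
+public function testThrowingErrorCleanup()
+{
+$response = new Response();
+$response->headers->set('X-Debug-Token', 'xxxxxxxx');
+
+$urlGenerator = $this->getUrlGeneratorMock();
+$urlGenerator
+->expects($this->once())
+->method('generate')
+->with('_profiler', array('token' => 'xxxxxxxx'))
+->will($this->throwException(new \Exception("This\nmultiline\r\ntabbed text should\tcome out\r on\n \ta single plain\r\nline")))
+;
+
+$event = new FilterResponseEvent($this->getKernelMock(), $this->getRequestMock(), HttpKernelInterface::MASTER_REQUEST, $response);
+
+$listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, 'bottom', $urlGenerator);
+$listener->onKernelResponse($event);
+
+$this->assertEquals('Exception: This multiline tabbed text should come out on a single plain line', $response->headers->get('X-Debug-Error'));
+}
+
 protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
 {
 $request = $this->getMock(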
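Review bot: The final assertion in `testThrowingErrorCleanup()` pins the exact normalized string with `assertEquals`, which compares loosely and does not state the property the fix exists for, namely that no line break reaches the header. `assertSame` on the expected string plus an explicit `$this->assertNotRegExp('/[\r\n]/', $response->headers->get('X-Debug-Error'));` would keep the test meaningful if the normalization is later widened, for instance to strip other control characters. The setup appears to repeat the preceding `testThrowingUrlGenerator()` case, of which only the tail is visible here, so a data provider over message/expected pairs may be a cleaner fit.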
