
Add escapes, fixes #101
hlohaus authored and shyim committed Jan 22, 2019
1 parent 466272b commit f26e138
Showing 8 changed files with 40 additions and 40 deletions.
10 changes: 5 additions & 5 deletions Resources/views/frontend/profiler/detail.tpl
Expand Up @@ -5,24 +5,24 @@
<div class="status {if $sDetail.response.httpResponse == 200 || $sDetail.response.httpResponse == 302}status-success{else}status-error{/if}">
<div class="container">
<h2 class="break-long-words">
<a href="{$sDetail.request.url}">{$sDetail.request.url}</a>
<a href="{$sDetail.request.url}">{$sDetail.request.url|escape}</a>
</h2>

<dl class="metadata">
<dt>Method</dt>
<dd>{$sDetail.request.httpMethod}</dd>
<dd>{$sDetail.request.httpMethod|escape}</dd>

<dt>HTTP Status</dt>
<dd>{$sDetail.response.httpResponse}</dd>
<dd>{$sDetail.response.httpResponse|escape}</dd>

<dt>IP</dt>
<dd>{$sDetail.request.ip}</dd>
<dd>{$sDetail.request.ip|escape}</dd>

<dt>Profiled on</dt>
<dd>{$sDetail.request.time|date_format:"Y-m-d H:i:s"}</dd>

<dt>Token</dt>
<dd>{$sId}</dd>
<dd>{$sId|escape}</dd>
</dl>
</div>
</div>
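Review bot: The `href` attribute on the link inside the `<h2>` still interpolates `$sDetail.request.url` raw; only the link text was escaped, so a profiled URL containing `"` or `>` can break out of the attribute. Apply the same modifier in the attribute: `<a href="{$sDetail.request.url|escape}">{$sDetail.request.url|escape}</a>`. Smarty's default `html` escape uses ENT_QUOTES, so the one modifier covers both attribute and text context; it would not neutralise a `javascript:` scheme, though a profiled request URL is unlikely to carry one — worth confirming where `request.url` is populated. The `<div class="status …">` opened on the first line of this hunk is closed after it.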
6 changes: 3 additions & 3 deletions Resources/views/frontend/profiler/mail.tpl
Expand Up @@ -2,8 +2,8 @@
{$data|dump}
{elseif $mode == 'bodyPlain'}
<pre>
{$data}
{$data|escape}
</pre>
{else}
{$data}
{/if}
<iframe src="data:text/html;base64,{$data|base64_encode}" height="100%" width="100%" sandbox></iframe>
{/if}
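Review bot: `{$data|dump}` on the first branch of this `{if}` chain is left unescaped, while every other `|dump` output touched by this commit (config.tpl, forms.tpl, mailer.tpl) became `|dump|escape`; if `dump` emits plain text, as those changes imply, this branch still injects mail data into the page unescaped and should read `{$data|dump|escape}`. The `{if $mode == …}` that opens the chain is above the hunk. Rendering the HTML mail body through a `sandbox` iframe with a base64 data: URI is a sound way to display it without executing its scripts, and the base64 alphabet is attribute-safe, so that `src` needs no further escaping.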
6 changes: 3 additions & 3 deletions Resources/views/frontend/profiler/tabs/config.tpl
Expand Up @@ -15,7 +15,7 @@
</div>

<div class="metric">
<span class="value">{$sDetail.php.env}</span>
<span class="value">{$sDetail.php.env|escape}</span>
<span class="label">Environment</span>
</div>
</div>
Expand Down Expand Up @@ -111,9 +111,9 @@
<th scope="row" class="font-normal">{$key}</th>
<td class="font-normal">
{if is_array($value)}
{$value|dump}
{$value|dump|escape}
{else}
{$value}
{$value|escape}
{/if}
</td>
</tr>
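Review bot: The row header `{$key}` on the first line of this hunk is still unescaped while its paired `$value` now is; request.tpl escapes both `$key` and `$value` in the same table pattern, so for consistency (and in case a config key is ever user-influenced) this should be `<th scope="row" class="font-normal">{$key|escape}</th>`. The `{foreach}` that yields `$key`/`$value` starts above the hunk.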
8 changes: 4 additions & 4 deletions Resources/views/frontend/profiler/tabs/exception.tpl
Expand Up @@ -15,21 +15,21 @@
<tbody>
<tr>
<td>Message</td>
<td>{$sDetail.exception->getMessage()}</td>
<td>{$sDetail.exception->getMessage()|escape}</td>
</tr>
<tr>
<td>Code</td>
<td>{$sDetail.exception->getCode()}</td>
<td>{$sDetail.exception->getCode()|escape}</td>
</tr>
<tr>
<td>File</td>
<td>{$sDetail.exception->getFile()} Line: {$sDetail.exception->getLine()}</td>
<td>{$sDetail.exception->getFile()|escape} Line: {$sDetail.exception->getLine()|escape}</td>
</tr>
<tr>
<td>Traceback</td>
<td>
<pre>
{$sDetail.exception->getTraceAsString()}
{$sDetail.exception->getTraceAsString()|escape}
</pre>
</td>
</tr>
2 changes: 1 addition & 1 deletion Resources/views/frontend/profiler/tabs/forms.tpl
Expand Up @@ -68,7 +68,7 @@
{if $error.trace}
<span class="newline">Caused by:</span>
{foreach from=$error.trace item=stacked}
{$stacked|dump}
{$stacked|dump|escape}
{/foreach}
{else}
<em>Unknown.</em>
10 changes: 5 additions & 5 deletions Resources/views/frontend/profiler/tabs/logs.tpl
Expand Up @@ -15,15 +15,15 @@
{foreach from=$sDetail.logs.OTHER item=log}
<tr class="">
<td class="font-normal text-small">
<span class="colored text-bold nowrap">{$log[0]}</span>
<span class="colored text-bold nowrap">{$log[0]|escape}</span>
<span class="text-muted nowrap newline">{$log[3]|date_format:"H:i:s"}</span>
</td>

<td class="font-normal text-small text-bold nowrap">{$log[4]}</td>
<td class="font-normal text-small text-bold nowrap">{$log[4]|escape}</td>

<td class="font-normal">
{$log[1]}<br>
Context: {$log[2]|@json_encode}
Context: {$log[2]|@json_encode|escape}
</td>
</tr>
{/foreach}
Expand All @@ -48,11 +48,11 @@
{foreach from=$sDetail.logs.DEBUG item=log}
<tr class="">
<td class="font-normal text-small">
<span class="colored text-bold nowrap">{$log[0]}</span>
<span class="colored text-bold nowrap">{$log[0]|escape}</span>
<span class="text-muted nowrap newline">{$log[3]|date_format:"H:i:s"}</span>
</td>

<td class="font-normal text-small text-bold nowrap">{$log[4]}</td>
<td class="font-normal text-small text-bold nowrap">{$log[4]|escape}</td>

<td class="font-normal">
{$log[1]}<br>
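Review bot: The log message `{$log[1]}<br>` is still rendered unescaped in both the OTHER and the DEBUG hunk, although the channel/level fields (`$log[0]`, `$log[4]`) and the JSON context next to it are now escaped. The message is the field most likely to carry user-supplied strings (request parameters, failed-login names, exception text), so it is the one spot in these tables where HTML injection still lands; change both occurrences to `{$log[1]|escape}<br>`. If a message is intentionally pre-rendered HTML that should be stated in the template, but nothing here indicates it.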
6 changes: 3 additions & 3 deletions Resources/views/frontend/profiler/tabs/mailer.tpl
Expand Up @@ -12,9 +12,9 @@
<tbody>
{foreach from=$sDetail.mails key=id item=data}
<tr>
<td>{$data.from}</td>
<td>{$data.to|dump}</td>
<td>{$data.subject}</td>
<td>{$data.from|escape}</td>
<td>{$data.to|dump|escape}</td>
<td>{$data.subject|escape}</td>
<td>
<a class="btn btn-window" href="{url action=mail mode=bodyHtml id=$sId mailId=$id}">Show Html Mail</a>
<a class="btn btn-window" href="{url action=mail mode=bodyPlain id=$sId mailId=$id}">Show Plain Mail</a>
32 changes: 16 additions & 16 deletions Resources/views/frontend/profiler/tabs/request.tpl
Expand Up @@ -20,8 +20,8 @@
<tbody>
{foreach from=$sDetail.request.get key=key item=value}
<tr>
<td>{$key}</td>
<td>{$value}</td>
<td>{$key|escape}</td>
<td>{$value|escape}</td>
</tr>
{/foreach}
</tbody>
Expand All @@ -45,8 +45,8 @@
<tbody>
{foreach from=$sDetail.request.post key=key item=value}
<tr>
<td>{$key}</td>
<td>{$value}</td>
<td>{$key|escape}</td>
<td>{$value|escape}</td>
</tr>
{/foreach}
</tbody>
Expand All @@ -69,7 +69,7 @@
</tr>
<tr>
<th>_route_params</th>
<td>{$sDetail.request.params|@json_encode}</td>
<td>{$sDetail.request.params|@json_encode|escape}</td>
</tr>
</tbody>
</table>
Expand All @@ -85,8 +85,8 @@
<tbody>
{foreach from=$sDetail.server key=key item=value}
<tr>
<td>{$key}</td>
<td>{$value}</td>
<td>{$key|escape}</td>
<td>{$value|escape}</td>
</tr>
{/foreach}
</tbody>
Expand All @@ -110,8 +110,8 @@
<tbody>
{foreach from=$sDetail.request.cookies key=key item=value}
<tr>
<td>{$key}</td>
<td>{$value}</td>
<td>{$key|escape}</td>
<td>{$value|escape}</td>
</tr>
{/foreach}
</tbody>
Expand All @@ -135,8 +135,8 @@
<tbody>
{foreach from=$sDetail.response.headers key=key item=value}
<tr>
<td>{$key}</td>
<td>{$value|@implode:" "}</td>
<td>{$key|escape}</td>
<td>{$value|@implode:" "|escape}</td>
</tr>
{/foreach}
</tbody>
Expand Down Expand Up @@ -180,8 +180,8 @@
<tbody>
{foreach from=$sDetail.session.data key=key item=value}
<tr>
<td>{$key}</td>
<td>{$value|@json_encode}</td>
<td>{$key|escape}</td>
<td>{$value|@json_encode|escape}</td>
</tr>
{/foreach}
</tbody>
Expand All @@ -206,9 +206,9 @@
<tbody>
{foreach from=$sDetail.subrequest key=key item=sSubrequest}
<tr>
<td>{$sSubrequest.request.url}</td>
<td>{$sSubrequest.request.controllerName|ucfirst}</td>
<td>{$sSubrequest.request.actionName|ucfirst}</td>
<td>{$sSubrequest.request.url|escape}</td>
<td>{$sSubrequest.request.controllerName|ucfirst|escape}</td>
<td>{$sSubrequest.request.actionName|ucfirst|escape}</td>
<td>
<a href="{url controller=profiler action=detail id=$sId|cat:'|':$key}" class="btn">Open Subprofile</a>
</td>
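Review bot: `{$value|escape}` in the GET, POST and cookie loops assumes a scalar, but PHP parses `a[]=1` or `a[b]=2` into nested arrays; depending on the Smarty version, `escape` either casts to `(string)` first (printing `Array` with a warning) or passes the array to `htmlspecialchars()` directly (a warning and an empty cell on PHP 7, a TypeError on PHP 8), so array parameters are never shown and may break the page. Follow the `is_array` branch config.tpl already uses: `{if is_array($value)}{$value|@json_encode|escape}{else}{$value|escape}{/if}` in those three loops; the header and session rows already go through `implode`/`json_encode`, and `$sDetail.server` values should be scalar. Before this commit `{$value}` on an array printed `Array` with a notice, so the array case is worth checking against the Smarty build Shopware ships.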
