

Commit 3d92549

committed
[FrameworkBundle] Fixed various escaping problems and added test cases for them
1 parent 990bef8 commit 3d92549

16 files changed

+220
-163
lines changed

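--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/checkbox_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/checkbox_widget.html.php
@@ -1,7 +1,7 @@
 <input type="checkbox"
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
-<?php if ($value): ?>value="<?php echo $value ?>"<?php endif ?>
+name="<?php echo $view->escape($name) ?>"
+<?php if ($value): ?>value="<?php echo $view->escape($value) ?>"<?php endif ?>
 <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
 <?php if ($required): ?>required="required"<?php endif ?>
 <?php if ($checked): ?>checked="checked"<?php endif ?>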

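--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/choice_widget.html.php
@@ -8,7 +8,7 @@
 <?php else: ?>
 <select
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
+name="<?php echo $view->escape($name) ?>"
 <?php if ($read_only): ?> disabled="disabled"<?php endif ?>
 <?php if ($multiple): ?> multiple="multiple"<?php endif ?>
 <?php if ($class): ?> class="<?php echo $class ?>"<?php endif ?>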
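Review bot: The `class` attribute on the last context line is still echoed raw (`class="<?php echo $class ?>"`) while the added line now escapes `name`, so this hunk fixes one attribute and leaves its neighbour unescaped. The same raw `$class` echo remains in date_widget, field_widget, file_widget (via `getVar('class')`), integer_widget, number_widget, password_widget, text_widget, textarea and url_widget. Proposed: `class="<?php echo $view->escape($class) ?>"` (and `$view->escape($form['file']->getVar('class'))` in file_widget). Whether `$class` can ever carry untrusted input depends on how the form view variables are populated, which is not visible here; escaping it uniformly removes the need to reason about that per template. The `<select` opened on the second context line is closed outside this hunk.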
Lines changed: 2 additions & 2 deletions
@@ -1,8 +1,8 @@
11
<?php if (!$form->hasParent() || !$form->getParent()->hasParent()): ?>
22
<input type="hidden"
33
<?php echo $view['form']->attributes() ?>
4-
name="<?php echo $name ?>"
5-
value="<?php echo $value ?>"
4+
name="<?php echo $view->escape($name) ?>"
5+
value="<?php echo $view->escape($value) ?>"
66
<?php if ($read_only): ?>disabled="disabled"<?php endif ?>
77
/>
88
<?php endif ?>

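--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/date_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/date_widget.html.php
@@ -1,8 +1,8 @@
 <?php if ($widget == 'text'): ?>
 <input type="text"
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
-value="<?php echo $value ?>"
+name="<?php echo $view->escape($name) ?>"
+value="<?php echo $view->escape($value) ?>"
 <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
 <?php if ($required): ?>required="required"<?php endif ?>
 <?php if ($class): ?>class="<?php echo $class ?>"<?php endif ?>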
Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
<label for="<?php echo $id ?>"><?php echo $view['translator']->trans($label) ?></label>
1+
<label for="<?php echo $view->escape($id) ?>"><?php echo $view->escape($view['translator']->trans($label)) ?></label>

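--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/field_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/field_widget.html.php
@@ -1,7 +1,7 @@
 <input
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
-value="<?php echo $value ?>"
+name="<?php echo $view->escape($name) ?>"
+value="<?php echo $view->escape($value) ?>"
 <?php if ($class): ?>class="<?php echo $class; ?>"<?php endif; ?>
 <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
 <?php if ($required): ?>required="required"<?php endif ?>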

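--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/file_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/file_widget.html.php
@@ -1,7 +1,7 @@
 <div<?php echo $view['form']->attributes() ?>>
 <input type="file"
-id="<?php echo $form['file']->getVar('id') ?>"
-name="<?php echo $form['file']->getVar('name') ?>"
+id="<?php echo $view->escape($form['file']->getVar('id')) ?>"
+name="<?php echo $view->escape($form['file']->getVar('name')) ?>"
 <?php if ($form['file']->getVar('disabled')): ?>disabled="disabled"<?php endif ?>
 <?php if ($form['file']->getVar('required')): ?>required="required"<?php endif ?>
 <?php if ($form['file']->getVar('class')): ?>class="<?php echo $form['file']->getVar('class') ?>"<?php endif ?>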
Lines changed: 2 additions & 2 deletions
@@ -1,6 +1,6 @@
11
<input type="hidden"
22
<?php echo $view['form']->attributes() ?>
3-
name="<?php echo $name ?>"
4-
value="<?php echo $value ?>"
3+
name="<?php echo $view->escape($name) ?>"
4+
value="<?php echo $view->escape($value) ?>"
55
<?php if ($read_only): ?>disabled="disabled"<?php endif ?>
66
/>

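--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/integer_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/integer_widget.html.php
@@ -1,7 +1,7 @@
 <input type="number"
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
-value="<?php echo $value ?>"
+name="<?php echo $view->escape($name) ?>"
+value="<?php echo $view->escape($value) ?>"
 <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
 <?php if ($required): ?>required="required"<?php endif ?>
 <?php if ($class): ?>class="<?php echo $class ?>"<?php endif ?>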

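--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/number_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/number_widget.html.php
@@ -1,7 +1,7 @@
 <input type="text"
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
-value="<?php echo $value ?>"
+name="<?php echo $view->escape($name) ?>"
+value="<?php echo $view->escape($value) ?>"
 <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
 <?php if ($required): ?>required="required"<?php endif ?>
 <?php if ($class): ?>class="<?php echo $class ?>"<?php endif ?>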

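--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/password_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/password_widget.html.php
@@ -1,7 +1,7 @@
 <input type="password"
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
-value="<?php echo $value ?>"
+name="<?php echo $view->escape($name) ?>"
+value="<?php echo $view->escape($value) ?>"
 <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
 <?php if ($required): ?>required="required"<?php endif ?>
 <?php if ($class): ?>class="<?php echo $class ?>"<?php endif ?>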

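--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/radio_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/radio_widget.html.php
@@ -1,7 +1,7 @@
 <input type="radio"
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
-value="<?php echo $value ?>"
+name="<?php echo $view->escape($name) ?>"
+value="<?php echo $view->escape($value) ?>"
 <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
 <?php if ($required): ?>required="required"<?php endif ?>
 <?php if ($checked): ?>checked="checked"<?php endif ?>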

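--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/text_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/text_widget.html.php
@@ -1,7 +1,7 @@
 <input type="text"
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
-value="<?php echo $value ?>"
+name="<?php echo $view->escape($name) ?>"
+value="<?php echo $view->escape($value) ?>"
 <?php if ($class): ?>class="<?php echo $class; ?>"<?php endif; ?>
 <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
 <?php if ($required): ?>required="required"<?php endif ?>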
Lines changed: 2 additions & 4 deletions
@@ -1,9 +1,7 @@
11
<textarea
22
<?php echo $view['form']->attributes() ?>
3-
name="<?php echo $name ?>"
3+
name="<?php echo $view->escape($name) ?>"
44
<?php if ($read_only): ?>disabled="disabled"<?php endif ?>
55
<?php if ($required): ?>required="required"<?php endif ?>
66
<?php if ($class): ?>class="<?php echo $class ?>"<?php endif ?>
7-
><?php
8-
echo $view->escape($value)
9-
?></textarea>
7+
><?php echo $view->escape($value) ?></textarea>

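--- a/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/url_widget.html.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/url_widget.html.php
@@ -1,7 +1,7 @@
 <input type="url"
 <?php echo $view['form']->attributes() ?>
-name="<?php echo $name ?>"
-value="<?php echo $value ?>"
+name="<?php echo $view->escape($name) ?>"
+value="<?php echo $view->escape($value) ?>"
 <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
 <?php if ($required): ?>required="required"<?php endif ?>
 <?php if ($class): ?>class="<?php echo $class ?>"<?php endif ?>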
