[HttpKernel] hinclude fragment renderer must escape URIs properly to return valid html

Tobion · Tobion · commit 54d7d258c103 · 2013-02-15T22:21:39.000+01:00
diff --git a/src/Symfony/Component/HttpKernel/Fragment/HIncludeFragmentRenderer.php b/src/Symfony/Component/HttpKernel/Fragment/HIncludeFragmentRenderer.php
@@ -64,6 +64,9 @@ public function render($uri, Request $request, array $options = array())
             $uri = $this->signer->sign($this->generateFragmentUri($uri, $request));
         }
 
+        // We need to replace ampersands in the URI with the encoded form in order to return valid html/xml content.
+        $uri = str_replace('&', '&amp;', $uri);
+
         $template = isset($options['default']) ? $options['default'] : $this->globalDefaultTemplate;
         if (null !== $this->templating && $template && $this->templateExists($template)) {
             $content = $this->templating->render($template);
diff --git a/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php b/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php
@@ -38,7 +38,7 @@ public function testRenderWithControllerAndSigner()
     {
         $strategy = new HIncludeFragmentRenderer(null, new UriSigner('foo'));
 
-        $this->assertEquals('<hx:include src="http://localhost/_fragment?_path=_format%3Dhtml%26_controller%3Dmain_controller&_hash=VI25qJj8J0qveB3bGKPhsJtexKg%3D"></hx:include>', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent());
+        $this->assertEquals('<hx:include src="http://localhost/_fragment?_path=_format%3Dhtml%26_controller%3Dmain_controller&amp;_hash=VI25qJj8J0qveB3bGKPhsJtexKg%3D"></hx:include>', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent());
     }
 
     public function testRenderWithUri()

Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,9 @@ public function render($uri, Request $request, array $options = array())`
`64`	`64`	`$uri = $this->signer->sign($this->generateFragmentUri($uri, $request));`
`65`	`65`	`}`
`66`	`66`
	`67`	`+ // We need to replace ampersands in the URI with the encoded form in order to return valid html/xml content.`
	`68`	`+ $uri = str_replace('&', '&', $uri);`
	`69`	`+`
`67`	`70`	`$template = isset($options['default']) ? $options['default'] : $this->globalDefaultTemplate;`
`68`	`71`	`if (null !== $this->templating && $template && $this->templateExists($template)) {`
`69`	`72`	`$content = $this->templating->render($template);`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ public function testRenderWithControllerAndSigner()`
`38`	`38`	`{`
`39`	`39`	`$strategy = new HIncludeFragmentRenderer(null, new UriSigner('foo'));`
`40`	`40`
`41`		`- $this->assertEquals('<hx:include src="http://localhost/_fragment?_path=_format%3Dhtml%26_controller%3Dmain_controller&_hash=VI25qJj8J0qveB3bGKPhsJtexKg%3D"></hx:include>', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent());`
	`41`	`+ $this->assertEquals('<hx:include src="http://localhost/_fragment?_path=_format%3Dhtml%26_controller%3Dmain_controller&_hash=VI25qJj8J0qveB3bGKPhsJtexKg%3D"></hx:include>', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent());`
`42`	`42`	`}`
`43`	`43`
`44`	`44`	`public function testRenderWithUri()`