8000 [WebProfilerBundle] Normalize whitespace in exceptions passed in headers · symfony/symfony@ec60423 · GitHub

Commit ec60423

committed
[WebProfilerBundle] Normalize whitespace in exceptions passed in headers
If an exception was thrown with line separators in its message, the WebProfiler would cause an exception by passing the message unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing every whitespace sequence with a single space in the header.
1 parent fb56bcc commit ec60423


2 files changed

+23
-1
lines changed


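--- a/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
@@ -71,7 +71,7 @@ public function onKernelResponse(FilterResponseEvent $event)
 $this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')), UrlGeneratorInterface::ABSOLUTE_URL)
 );
 } catch (\Exception $e) {
-$response->headers->set('X-Debug-Error', get_class($e).': '.$e->getMessage());
+$response->headers->set('X-Debug-Error', get_class($e).': '.preg_replace('/\s+/', ' ', $e->getMessage()));
 }
 }
 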
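Review bot: The `/\s+/` pattern on the new `X-Debug-Error` line removes CR, LF and tabs but leaves every other control byte in the exception message (NUL, the remaining C0 characters, DEL) to be copied into the header value. Whether the header layer rejects those bytes is not visible in this hunk, so I would widen the class rather than rely on it: `preg_replace('/[\s\x00-\x1F\x7F]+/', ' ', $e->getMessage())`, which keeps the collapsing behaviour the new test expects. A one-line comment such as `// Header values must stay on a single line: collapse whitespace and control characters.` would record why the message is rewritten before it is sent. onKernelResponse starts above the hunk, so the conditions under which this catch block runs are not visible here.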

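--- a/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
@@ -246,6 +246,28 @@ public function testThrowingUrlGenerator()
 $this->assertEquals('Exception: foo', $response->headers->get('X-Debug-Error'));
 }
 
+public function testThrowingErrorCleanup()
+{
+$response = new Response();
+$response->headers->set('X-Debug-Token', 'xxxxxxxx');
+
+$urlGenerator = $this->getUrlGeneratorMock();
+$urlGenerator
+->expects($this->once())
+->method('generate')
+->with('_profiler', array('token' => 'xxxxxxxx'))
+->will($this->throwException(new \Exception("This\nmultiline\r\ntabbed text should\tcome out\r on\n \ta single plain\r\nline")))
+;
+
+$event = new FilterResponseEvent($this->getKernelMock(), $this->getRequestMock(), HttpKernelInterface::MASTER_REQUEST, $response);
+
+$listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, 'bottom', $urlGenerator);
+$listener->onKernelResponse($event);
+
+$this->assertEquals('Exception: This multiline tabbed text should come out on a single plain line', $response->headers->get('X-Debug-Error'));
+
+}
+
 protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
 {
 $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->setMethods(array('getSession', 'isXmlHttpRequest', 'getRequestFormat'))->disableOriginalConstructor()->getMock();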
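Review bot: The fixture in `testThrowingErrorCleanup()` only places `\n`, `\r` and `\t` inside the message, so the edges are untested: a message that begins or ends with a line break would still come out with a space at that edge (`Exception:  foo` with two spaces), and nothing here pins whether that is intended. I would add a second case with leading and trailing whitespace, and a comment above the test such as `// Regression: an exception message must reach X-Debug-Error as a single line, with no CR or LF.` so the property being protected is stated rather than implied by one expected string. The blank line before the closing brace at new line 268 is a style nit.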
