diff options
| author | Tristan Darricau <github@nicofuma.fr> | 2016-04-19 12:03:32 +0200 |
|---|---|---|
| committer | Tristan Darricau <github@nicofuma.fr> | 2016-04-19 12:03:32 +0200 |
| commit | 23bdb2eedebee5a625ba35baf3098566bb966127 (patch) | |
| tree | 6eed8e6ff1ad704db03ec2495ccaf86d29ca422a /phpBB/phpbb/event/kernel_exception_subscriber.php | |
| parent | 4cdec74e94728605089587f2fd0667b3b3e4e558 (diff) | |
| download | forums-23bdb2eedebee5a625ba35baf3098566bb966127.tar forums-23bdb2eedebee5a625ba35baf3098566bb966127.tar.gz forums-23bdb2eedebee5a625ba35baf3098566bb966127.tar.bz2 forums-23bdb2eedebee5a625ba35baf3098566bb966127.tar.xz forums-23bdb2eedebee5a625ba35baf3098566bb966127.zip | |
[ticket/security-196] Escapes the exception messages before displaying them
SECURITY-196
Diffstat (limited to 'phpBB/phpbb/event/kernel_exception_subscriber.php')
| -rw-r--r-- | phpBB/phpbb/event/kernel_exception_subscriber.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/phpBB/phpbb/event/kernel_exception_subscriber.php b/phpBB/phpbb/event/kernel_exception_subscriber.php index eb7831ad34..34c8422b0a 100644 --- a/phpBB/phpbb/event/kernel_exception_subscriber.php +++ b/phpBB/phpbb/event/kernel_exception_subscriber.php @@ -34,6 +34,9 @@ class kernel_exception_subscriber implements EventSubscriberInterface */ protected $user; + /** @var \phpbb\request\type_cast_helper */ + protected $type_caster; + /** * Construct method * @@ -44,6 +47,7 @@ class kernel_exception_subscriber implements EventSubscriberInterface { $this->template = $template; $this->user = $user; + $this->type_caster = new \phpbb\request\type_cast_helper(); } /** @@ -57,6 +61,7 @@ class kernel_exception_subscriber implements EventSubscriberInterface $exception = $event->getException(); $message = $exception->getMessage(); + $this->type_caster->set_var($message, $message, 'string', false, false); if ($exception instanceof \phpbb\exception\exception_interface) { |