author | Tristan Darricau <github@nicofuma.fr> | 2014-11-12 11:44:56 +0100 |
---|---|---|
committer | Tristan Darricau <github@nicofuma.fr> | 2014-11-16 16:45:19 +0100 |
commit | 0dfe1d0d8b007ec7b7cae0715cfb2e5f4e33bad4 (patch) | |
tree | c8e5bc0ca0d0f646b37d392d9bd67f6215dec7e4 /phpBB/phpbb/controller/helper.php | |
parent | 526a97db7cea84ab54b7d283c888ada58a310bc4 (diff) | |
[ticket/13280] Output escaping for the symfony request object
PHPBB3-13280
Diffstat (limited to 'phpBB/phpbb/controller/helper.php')
-rw-r--r-- | phpBB/phpbb/controller/helper.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php
index 187e455d48..52e6947c2c 100644
--- a/phpBB/phpbb/controller/helper.php
+++ b/phpBB/phpbb/controller/helper.php
@@ -44,6 +44,9 @@ class helper
 /* @var \phpbb\symfony_request */
 protected $symfony_request;
+ /* @var \phpbb\request\request_interface */
+ protected $request;
+
 /**
 * @var \phpbb\filesystem The filesystem object
 */
@@ -70,16 +73,18 @@ class helper
 * @param \phpbb\controller\provider $provider Path provider
 * @param \phpbb\extension\manager $manager Extension manager object
 * @param \phpbb\symfony_request $symfony_request Symfony Request object
+ * @param \phpbb\request\request_interface $request phpBB request object
 * @param \phpbb\filesystem $filesystem The filesystem object
 * @param string $phpbb_root_path phpBB root path
 * @param string $php_ext PHP file extension
 */
- public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)
+ public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)
 {
 $this->template = $template;
 $this->user = $user;
 $this->config = $config;
 $this->symfony_request = $symfony_request;
+ $this->request = $request;
 $this->filesystem = $filesystem;
 $this->phpbb_root_path = $phpbb_root_path;
 $this->php_ext = $php_ext;
@@ -153,7 +158,7 @@ class helper
 }
 }
- $base_url = $this->filesystem->clean_path($base_url);
+ $base_url = $this->request->escape($this->filesystem->clean_path($base_url), true);
 $context->setBaseUrl($base_url);
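Review bot: The comment on the new `$request` property opens with `/*`, which is an ordinary comment rather than a docblock, so the `@var` type is not picked up by IDEs or static analysis. The neighbouring `$symfony_request` line has the same problem. I would write the new one as `/** @var \phpbb\request\request_interface phpBB request object, used to escape request-derived URL parts */`.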
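Review bot: The new `\phpbb\request\request_interface $request` parameter is inserted before `$filesystem` in `__construct()`, so anything that builds `helper` with positional arguments breaks until it is updated: the service definition, tests, and any extension that instantiates or subclasses this class. This page is limited to helper.php, so whether the container configuration was changed in the same commit is not visible here; please confirm it was. If third-party code is expected to construct this class, the changed argument order should be called out in the docblock or the changelog.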
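Review bot: `escape()` is applied where the value is produced rather than where it is printed, so every consumer receives an already-escaped string; this happens on `$base_url` before `$context->setBaseUrl()` here, and again in `get_current_url()` in the last hunk. If `escape()` HTML-encodes, as the commit title suggests, URLs built from this context can carry entities such as `&amp;` into non-HTML uses (redirect headers, comparisons, JSON), and templates that escape again will double-encode. At minimum both sites need a comment such as `// HTML-escaped here: do not escape again, do not use in HTTP headers`; the more robust option is to keep the raw value in the routing context and escape at the template boundary. The enclosing method starts outside the hunk.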
@@ -197,6 +202,6 @@ class helper
 */
 public function get_current_url()
 {
- return generate_board_url(true) . $this->symfony_request->getRequestUri();
+ return generate_board_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true);
 }
 } |
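Review bot: Only the request-URI half of the return value in `get_current_url()` goes through `escape()`; the `generate_board_url(true)` half is concatenated unchanged, and its definition is not visible on this page. If that function can derive the host or script path from request data, it needs the same treatment. If it is already safe, the docblock should say so, for example `@return string Current URL; the request URI part is escaped for HTML output`. The docblock begins outside the hunk.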