From 0dfe1d0d8b007ec7b7cae0715cfb2e5f4e33bad4 Mon Sep 17 00:00:00 2001
From: Tristan Darricau <github@nicofuma.fr>
Date: Wed, 12 Nov 2014 11:44:56 +0100
Subject: [ticket/13280] Output escaping for the symfony request object

PHPBB3-13280
---
 phpBB/config/services.yml | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'phpBB/config')

diff --git a/phpBB/config/services.yml b/phpBB/config/services.yml
index 5003697564..975f2f7580 100644
--- a/phpBB/config/services.yml
+++ b/phpBB/config/services.yml
@@ -75,6 +75,7 @@ services:
             - @controller.provider
             - @ext.manager
             - @symfony_request
+            - @request
             - @filesystem
             - %core.root_path%
             - %core.php_ext%
@@ -155,6 +156,8 @@ services:
             - null
             - %core.disable_super_globals%
 
+    # WARNING: The Symfony request does not escape the input and should be used very carefully
+    #           prefer the phpbb request (service @request) as possible
     symfony_request:
         class: phpbb\symfony_request
         arguments:
-- 
cgit v1.2.1