From 0dfe1d0d8b007ec7b7cae0715cfb2e5f4e33bad4 Mon Sep 17 00:00:00 2001
From: Tristan Darricau
Date: Wed, 12 Nov 2014 11:44:56 +0100
Subject: [ticket/13280] Output escaping for the symfony request object
PHPBB3-13280
---
 phpBB/phpbb/controller/helper.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
(limited to 'phpBB/phpbb/controller')
diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php
index 187e455d48..52e6947c2c 100644
--- a/phpBB/phpbb/controller/helper.php
+++ b/phpBB/phpbb/controller/helper.php
@@ -44,6 +44,9 @@ class helper
 /* @var \phpbb\symfony_request */
 protected $symfony_request;
+ /* @var \phpbb\request\request_interface */
+ protected $request;
+
 /**
 * @var \phpbb\filesystem The filesystem object
 */
@@ -70,16 +73,18 @@ class helper
 * @param \phpbb\controller\provider $provider Path provider
 * @param \phpbb\extension\manager $manager Extension manager object
 * @param \phpbb\symfony_request $symfony_request Symfony Request object
+ * @param \phpbb\request\request_interface $request phpBB request object
 * @param \phpbb\filesystem $filesystem The filesystem object
 * @param string $phpbb_root_path phpBB root path
 * @param string $php_ext PHP file extension
 */
- public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)
+ public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)
 {
 $this->template = $template;
 $this->user = $user;
 $this->config = $config;
 $this->symfony_request = $symfony_request;
+ $this->request = $request;
 $this->filesystem = $filesystem;
 $this->phpbb_root_path = $phpbb_root_path;
 $this->php_ext = $php_ext;
@@ -153,7 +158,7 @@ class helper
 }
 }
- $base_url = $this->filesystem->clean_path($base_url);
+ $base_url = $this->request->escape($this->filesystem->clean_path($base_url), true);
 $context->setBaseUrl($base_url);
@@ -197,6 +202,6 @@ class helper
 */
 public function get_current_url()
 {
- return generate_board_url(true) . $this->symfony_request->getRequestUri();
+ return generate_board_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true);
 }
 }
--
cgit v1.2.1
From b00d02496e9ec8281a6e0d6637772c55a7011c60 Mon Sep 17 00:00:00 2001
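Review bot: In the `@@ -153,7 +158,7 @@` hunk the escaped `$base_url` is passed to `$context->setBaseUrl()`, so the escaping (presumably HTML entities, going by the commit subject) is applied where the value is stored rather than where it is printed; `get_current_url()` in the `@@ -197,6 +202,6 @@` hunk has the same shape. A caller that uses either URL outside HTML (a redirect header, a URL comparison) or escapes it again at output would get entity-encoded or double-encoded text. Both docblocks should state the contract, for example `@return string The current URL, already escaped with request->escape(); do not escape again` on `get_current_url()`. The method around the `$base_url` line starts and ends outside the hunk, so how its result is consumed is not visible here.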
From: Tristan Darricau
Date: Sat, 22 Nov 2014 23:10:19 +0100
Subject: [ticket/13361] Improve the exception listener
PHPBB3-13361
---
 phpBB/phpbb/controller/helper.php | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'phpBB/phpbb/controller')
diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php
index 52e6947c2c..7ee90b10ba 100644
--- a/phpBB/phpbb/controller/helper.php
+++ b/phpBB/phpbb/controller/helper.php
@@ -184,6 +184,8 @@ class helper
 * @param string $message The error message
 * @param int $code The error code (e.g. 404, 500, 503, etc.)
 * @return Response A Response instance
+ *
+ * @deprecated 3.1.3 (To be removed: 3.3.0) Use exceptions instead.
 */
 public function error($message, $code = 500)
 {
--
cgit v1.2.1
From afe99f90506153c22d5d3791c3f5467938e835cf Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Thu, 29 Jan 2015 19:08:32 +0100
Subject: [ticket/13553] Add a method to the controller helper to display a message
PHPBB3-13553
---
 phpBB/phpbb/controller/helper.php | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'phpBB/phpbb/controller')
diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php
index 7ee90b10ba..85ecd87c5f 100644
--- a/phpBB/phpbb/controller/helper.php
+++ b/phpBB/phpbb/controller/helper.php
@@ -188,10 +188,25 @@ class helper
 * @deprecated 3.1.3 (To be removed: 3.3.0) Use exceptions instead.
 */
 public function error($message, $code = 500)
+ {
+ return $this->message($message, false, $code);
+ }
+
+ /**
+ * Output a message
+ *
+ * In case of an error, please throw an exception instead
+ *
+ * @param string $message The message to display
+ * @param string|false $title Title for the message
+ * @param int $code The HTTP status code (e.g. 404, 500, 503, etc.)
+ * @return Response A Response instance
+ */
+ public function message($message, $title = false, $code = 200)
 {
 $this->template->assign_vars(array(
 'MESSAGE_TEXT' => $message,
- 'MESSAGE_TITLE' => $this->user->lang('INFORMATION'),
+ 'MESSAGE_TITLE' => ($title === false) ? $this->user->lang('INFORMATION') : $title,
 ));
 return $this->render('message_body.html', $this->user->lang('INFORMATION'), $code);
--
cgit v1.2.1
From 7127d08c8f6e858a42d832aa0eb18c8196875e45 Mon Sep 17 00:00:00 2001
From: Matt Friedman
Date: Fri, 30 Jan 2015 15:07:37 -0800
Subject: [ticket/13553] Message helper should accept a lang key var
PHPBB3-13553
---
 phpBB/phpbb/controller/helper.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
(limited to 'phpBB/phpbb/controller')
diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php
index 85ecd87c5f..d135f487e0 100644
--- a/phpBB/phpbb/controller/helper.php
+++ b/phpBB/phpbb/controller/helper.php
@@ -189,7 +189,7 @@ class helper
 */
 public function error($message, $code = 500)
 {
- return $this->message($message, false, $code);
+ return $this->message($message, array(), false, $code);
 }
 /**
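Review bot: In the `@@ -188,10 +188,25 @@` hunk `message()` assigns `$message` and a caller-supplied `$title` to `MESSAGE_TEXT` and `MESSAGE_TITLE` unchanged, and the new docblock does not say whether callers must pass text that is already safe to print. Whether `message_body.html` escapes these variables is not visible in this diff; if it prints them as-is, any request-derived text a controller passes in is rendered as markup. The docblock should pin the contract down, e.g. `@param string $message The message to display (not escaped here; escape user-supplied text before passing it)`. The same question applies to the `$parameters` substituted into the language string in the `@@ -197,15 +197,17 @@` hunk of the following commit.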
@@ -197,15 +197,17 @@ class helper
 *
 * In case of an error, please throw an exception instead
 *
- * @param string $message The message to display
- * @param string|false $title Title for the message
+ * @param string $message The message to display (must be a language variable)
+ * @param array $parameters The parameters to use with the language var
+ * @param string|bool $title Title for the message
 * @param int $code The HTTP status code (e.g. 404, 500, 503, etc.)
 * @return Response A Response instance
 */
- public function message($message, $title = false, $code = 200)
+ public function message($message, array $parameters = array(), $title = false, $code = 200)
 {
+ array_unshift($parameters, $message);
 $this->template->assign_vars(array(
- 'MESSAGE_TEXT' => $message,
+ 'MESSAGE_TEXT' => call_user_func_array(array($this->user, 'lang'), $parameters),
 'MESSAGE_TITLE' => ($title === false) ? $this->user->lang('INFORMATION') : $title,
 ));
--
cgit v1.2.1
From ab4b1afd98b1a9ba532390373b88b518c3d98ece Mon Sep 17 00:00:00 2001
From: Matt Friedman
Date: Fri, 30 Jan 2015 15:19:42 -0800
Subject: [ticket/13553] Make title var accept a lang key var
PHPBB3-13553
---
 phpBB/phpbb/controller/helper.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'phpBB/phpbb/controller')
diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php
index d135f487e0..8b0efae08a 100644
--- a/phpBB/phpbb/controller/helper.php
+++ b/phpBB/phpbb/controller/helper.php
@@ -189,7 +189,7 @@ class helper
 */
 public function error($message, $code = 500)
 {
- return $this->message($message, array(), false, $code);
+ return $this->message($message, array(), 'INFORMATION', $code);
 }
 /**
@@ -199,16 +199,16 @@ class helper
 *
 * @param string $message The message to display (must be a language variable)
 * @param array $parameters The parameters to use with the language var
- * @param string|bool $title Title for the message
+ * @param string $title Title for the message (must be a language variable)
 * @param int $code The HTTP status code (e.g. 404, 500, 503, etc.)
 * @return Response A Response instance
 */
- public function message($message, array $parameters = array(), $title = false, $code = 200)
+ public function message($message, array $parameters = array(), $title = 'INFORMATION', $code = 200)
 {
 array_unshift($parameters, $message);
 $this->template->assign_vars(array(
 'MESSAGE_TEXT' => call_user_func_array(array($this->user, 'lang'), $parameters),
- 'MESSAGE_TITLE' => ($title === false) ? $this->user->lang('INFORMATION') : $title,
+ 'MESSAGE_TITLE' => $this->user->lang($title),
 ));
 return $this->render('message_body.html', $this->user->lang('INFORMATION'), $code);
--
cgit v1.2.1
From e6bbde2bffc4ff90de1b754d3682bc7f1ca1d67c Mon Sep 17 00:00:00 2001
From: Matt Friedman
Date: Fri, 30 Jan 2015 15:28:25 -0800
Subject: [ticket/13553] Use defined title value in page headers too
PHPBB3-13553
---
 phpBB/phpbb/controller/helper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'phpBB/phpbb/controller')
diff --git a/phpBB/phpbb/controller/helper.php b/phpBB/phpbb/controller/helper.php
index 8b0efae08a..c6c470e91b 100644
--- a/phpBB/phpbb/controller/helper.php
+++ b/phpBB/phpbb/controller/helper.php
@@ -211,7 +211,7 @@ class helper
 'MESSAGE_TITLE' => $this->user->lang($title),
 ));
- return $this->render('message_body.html', $this->user->lang('INFORMATION'), $code);
+ return $this->render('message_body.html', $this->user->lang($title), $code);
 }
 /**
--
cgit v1.2.1
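Review bot: In the `@@ -199,16 +199,16 @@` hunk `message()` drops the `$title === false` branch, although the previous revision documented `$title` as `string|bool` with `false` as the default, so a caller still passing `false` now reaches `$this->user->lang(false)`. What `lang()` returns for a non-string key is not visible in this diff. Either keep the old sentinel working with `$title = ($title === false) ? 'INFORMATION' : $title;` before the `assign_vars()` call, or state in the docblock that `false` is no longer accepted. The method's closing brace is outside the hunk.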