mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 05:50:42 +02:00
Code Issues Releases Wiki Activity

[ticket/13280] Output escaping for the symfony request object

Browse Source 
PHPBB3-13280
This commit is contained in:
Tristan Darricau
2014-11-12 11:44:56 +01:00
parent 526a97db7c
commit 0dfe1d0d8b
12 changed files with 116 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
phpBB/phpbb/controller/helper.php
View File

@@ -44,6 +44,9 @@ class helper
/* @var \phpbb\symfony_request */
protected $symfony_request;
/* @var \phpbb\request\request_interface */
protected $request;
/**
* @var \phpbb\filesystem The filesystem object
*/
@@ -70,16 +73,18 @@ class helper
* @param \phpbb\controller\provider $provider Path provider
* @param \phpbb\extension\manager $manager Extension manager object
* @param \phpbb\symfony_request $symfony_request Symfony Request object
* @param \phpbb\request\request_interface $request phpBB request object
* @param \phpbb\filesystem $filesystem The filesystem object
* @param string $phpbb_root_path phpBB root path
* @param string $php_ext PHP file extension
*/
public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)
public function __construct(\phpbb\template\template $template, \phpbb\user $user, \phpbb\config\config $config, \phpbb\controller\provider $provider, \phpbb\extension\manager $manager, \phpbb\symfony_request $symfony_request, \phpbb\request\request_interface $request, \phpbb\filesystem $filesystem, $phpbb_root_path, $php_ext)
{
$this->template = $template;
$this->user = $user;
$this->config = $config;
$this->symfony_request = $symfony_request;
$this->request = $request;
$this->filesystem = $filesystem;
$this->phpbb_root_path = $phpbb_root_path;
$this->php_ext = $php_ext;
@@ -153,7 +158,7 @@ class helper
}
}
$base_url = $this->filesystem->clean_path($base_url);
$base_url = $this->request->escape($this->filesystem->clean_path($base_url), true);
$context->setBaseUrl($base_url);
@@ -197,6 +202,6 @@ class helper
*/
public function get_current_url()
{
return generate_board_url(true) . $this->symfony_request->getRequestUri();
return generate_board_url(true) . $this->request->escape($this->symfony_request->getRequestUri(), true);
}
}