Fix string comparison function

Flush stray output on view errors
2024-06-28 05:33:29 +02:00 · 2016-01-02 16:13:30 +11:00 · 2016-01-02 16:13:30 +11:00 · 2213c6f28c
commit 2213c6f28c
parent 0762e5cf53
2 changed files with 41 additions and 2 deletions
--- a/modules/backend/classes/Controller.php
+++ b/modules/backend/classes/Controller.php
@ -2,6 +2,7 @@

 use App;
 use Log;
+use Str;
 use Lang;
 use View;
 use Flash;
@ -677,7 +678,7 @@ class Controller extends Extendable

        $token = Request::input('_token') ?: Request::header('X-CSRF-TOKEN');

-        return \Symfony\Component\Security\Core\Util\StringUtils::equals(
+        return Str::equals(
            Session::getToken(),
            $token
        );
--- a/modules/system/traits/ViewMaker.php
+++ b/modules/system/traits/ViewMaker.php
@ -5,6 +5,9 @@ use Lang;
 use Event;
 use Block;
 use SystemException;
+use Exception;
+use Throwable;
+use Symfony\Component\Debug\Exception\FatalThrowableError;

 /**
 * View Maker Trait
@ -91,6 +94,7 @@ trait ViewMaker
     */
    public function makeViewContent($contents, $layout = null)
    {
+            return $contents;
        if ($this->suppressLayout || $this->layout == '') {
            return $contents;
        }
@ -203,12 +207,46 @@ trait ViewMaker

        $vars = array_merge($this->vars, $extraParams);

+        $obLevel = ob_get_level();
+
        ob_start();
+
        extract($vars);
-        include $filePath;
+
+        // We'll evaluate the contents of the view inside a try/catch block so we can
+        // flush out any stray output that might get out before an error occurs or
+        // an exception is thrown. This prevents any partial views from leaking.
+        try {
+            include $filePath;
+        }
+        catch (Exception $e) {
+            $this->handleViewException($e, $obLevel);
+        }
+        catch (Throwable $e) {
+            $this->handleViewException(new FatalThrowableError($e), $obLevel);
+        }
+
        return ob_get_clean();
    }

+    /**
+     * Handle a view exception.
+     *
+     * @param  \Exception  $e
+     * @param  int  $obLevel
+     * @return void
+     *
+     * @throws $e
+     */
+    protected function handleViewException($e, $obLevel)
+    {
+        while (ob_get_level() > $obLevel) {
+            ob_end_clean();
+        }
+
+        throw $e;
+    }
+
    /**
     * Guess the package path for the called class.
     * @param string $suffix An extra path to attach to the end