[ticket/security-196] Escapes the exception messages before displaying them

SECURITY-196
Tristan Darricau 2016-04-19 12:03:32 +02:00
parent 4cdec74e94
commit 23bdb2eede
GPG key ID: 817043C2E29DB881


@ -34,6 +34,9 @@ class kernel_exception_subscriber implements EventSubscriberInterface
*/ */
protected $user; protected $user;
/** @var \phpbb\request\type_cast_helper */
protected $type_caster;
/** /**
* Construct method * Construct method
* *
@ -44,6 +47,7 @@ class kernel_exception_subscriber implements EventSubscriberInterface
{ {
$this->template = $template; $this->template = $template;
$this->user = $user; $this->user = $user;
$this->type_caster = new \phpbb\request\type_cast_helper();
} }
/** /**
@ -57,6 +61,7 @@ class kernel_exception_subscriber implements EventSubscriberInterface
$exception = $event->getException(); $exception = $event->getException();
$message = $exception->getMessage(); $message = $exception->getMessage();
$this->type_caster->set_var($message, $message, 'string', false, false);
if ($exception instanceof \phpbb\exception\exception_interface) if ($exception instanceof \phpbb\exception\exception_interface)
{ {