minor symfony#11851 [HttpKernel] Escape SSI virtual in generated resp…

…onse (Jérémy Derussé) This PR was merged into the 2.6-dev branch. Discussion ---------- [HttpKernel] Escape SSI virtual in generated response | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | NA If a template with an `` tag is configured with an "virtual" containing a `'` ; the HttpCache will generate invalide php code. See symfony#11845 for the same issue on `<esi>` tags Commits ------- b50a434 Fix CS 1862427 Escape SSI virtual in generated response
fgueguen · Sep 5, 2014 · eb1e3c3 · eb1e3c3
2 parents 43b10bc + b50a434
commit eb1e3c3
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/src/Symfony/Component/HttpKernel/HttpCache/Ssi.php b/src/Symfony/Component/HttpKernel/HttpCache/Ssi.php
@@ -71,7 +71,7 @@ public function addSurrogateCapability(Request $request)
         $current = $request->headers->get('Surrogate-Capability');
         $new = 'symfony2="SSI/1.0"';
 
-        $request->headers->set('Surrogate-Capability', $current ? $current . ', ' . $new : $new);
+        $request->headers->set('Surrogate-Capability', $current ? $current.', '.$new : $new);
     }
 
     /**
@@ -188,10 +188,8 @@ private function handleIncludeTag($attributes)
             throw new \RuntimeException('Unable to process an SSI tag without a "virtual" attribute.');
         }
 
-        return sprintf('<?php echo $this->surrogate->handle($this, \'%s\', \'%s\', %s) ?>' . "\n",
-            $options['virtual'],
-            '',
-            'false'
+        return sprintf('<?php echo $this->surrogate->handle($this, %s, \'\', false) ?>'."\n",
+            var_export($options['virtual'], true)
         );
     }
 }
diff --git a/src/Symfony/Component/HttpKernel/Tests/HttpCache/SsiTest.php b/src/Symfony/Component/HttpKernel/Tests/HttpCache/SsiTest.php
@@ -101,6 +101,11 @@ public function testProcess()
 
         $this->assertEquals('foo <?php echo $this->surrogate->handle($this, \'...\', \'\', false) ?>'."\n", $response->getContent());
         $this->assertEquals('SSI', $response->headers->get('x-body-eval'));
+
+        $response = new Response('foo <!--#include virtual="foo\'" -->');
+        $ssi->process($request, $response);
+
+        $this->assertEquals("foo <?php echo \$this->surrogate->handle(\$this, 'foo\\'', '', false) ?>"."\n", $response->getContent());
     }
 
     public function testProcessEscapesPhpTags()