bug symfony#22154 [WebProfilerBundle] Normalize whitespace in exceptions passed in headers (curry684)

fabpot · fabpot · commit 9466237db0fb · 2017-03-29T07:19:30.000+02:00
This PR was merged into the 2.7 branch. Discussion ---------- [WebProfilerBundle] Normalize whitespace in exceptions passed in headers | Q | A | ------------- | --- | Branch? | 2.7 upwards | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | symfony#22072 | License | MIT If an exception was thrown with line separators in its message the WebProfiler would cause an exception by passing it through unsanitized into the X-Debug-Error HTTP header. This commit fixes that by replacing all whitespace sequences with a single space in the header. Commits ------- d646790 [WebProfilerBundle] Normalize whitespace in exceptions passed in headers
diff --git a/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php b/src/Symfony/Bundle/WebProfilerBundle/EventListener/WebDebugToolbarListener.php
@@ -68,7 +68,7 @@ public function onKernelResponse(FilterResponseEvent $event)
                     $this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')), UrlGeneratorInterface::ABSOLUTE_URL)
                 );
             } catch (\Exception $e) {
-                $response->headers->set('X-Debug-Error', get_class($e).': '.$e->getMessage());
+                $response->headers->set('X-Debug-Error', get_class($e).': '.preg_replace('/\s+/', ' ', $e->getMessage()));
             }
         }
 
diff --git a/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php b/src/Symfony/Bundle/WebProfilerBundle/Tests/EventListener/WebDebugToolbarListenerTest.php
@@ -245,6 +245,27 @@ public function testThrowingUrlGenerator()
         $this->assertEquals('Exception: foo', $response->headers->get('X-Debug-Error'));
     }
 
+    public function testThrowingErrorCleanup()
+    {
+        $response = new Response();
+        $response->headers->set('X-Debug-Token', 'xxxxxxxx');
+
+        $urlGenerator = $this->getUrlGeneratorMock();
+        $urlGenerator
+            ->expects($this->once())
+            ->method('generate')
+            ->with('_profiler', array('token' => 'xxxxxxxx'))
+            ->will($this->throwException(new \Exception("This\nmultiline\r\ntabbed text should\tcome out\r on\n \ta single plain\r\nline")))
+        ;
+
+        $event = new FilterResponseEvent($this->getKernelMock(), $this->getRequestMock(), HttpKernelInterface::MASTER_REQUEST, $response);
+
+        $listener = new WebDebugToolbarListener($this->getTwigMock(), false, WebDebugToolbarListener::ENABLED, 'bottom', $urlGenerator);
+        $listener->onKernelResponse($event);
+
+        $this->assertEquals('Exception: This multiline tabbed text should come out on a single plain line', $response->headers->get('X-Debug-Error'));
+    }
+
     protected function getRequestMock($isXmlHttpRequest = false, $requestFormat = 'html', $hasSession = true)
     {
         $request = $this->getMockBuilder('Symfony\Component\HttpFoundation\Request')->setMethods(array('getSession', 'isXmlHttpRequest', 'getRequestFormat'))->disableOriginalConstructor()->getMock();

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ public function onKernelResponse(FilterResponseEvent $event)`
`68`	`68`	`$this->urlGenerator->generate('_profiler', array('token' => $response->headers->get('X-Debug-Token')), UrlGeneratorInterface::ABSOLUTE_URL)`
`69`	`69`	`);`
`70`	`70`	`} catch (\Exception $e) {`
`71`		`- $response->headers->set('X-Debug-Error', get_class($e).': '.$e->getMessage());`
	`71`	`+ $response->headers->set('X-Debug-Error', get_class($e).': '.preg_replace('/\s+/', ' ', $e->getMessage()));`
`72`	`72`	`}`
`73`	`73`	`}`
`74`	`74`