@tsteur opened this Pull Request on June 24th 2015 Owner

Just in case an exception that is displayed there contains any user input

@mattab commented on June 25th 2015 Owner

Looks good to me

@mattab commented on June 25th 2015 Owner

Actually there is a regression where we lose the bold message in: http://builds-artifacts.piwik.org/ui-tests.master/13711.7/UIIntegrationTest_db_connect_error

  • we need to strip_tags and remove <br> only when in CLI

@tsteur commented on June 25th 2015 Owner

> we need to strip_tags and remove <br> only when in CLI

Then htmlentities would escape them and the html would be visible. Looking deeper at the code this method Piwik_GetErrorMessagePage is only used in 2 or 3 parts and the one that contains user input is kinda escaped before already (https://github.com/piwik/piwik/blob/2.14.0-b10/core/ExceptionHandler.php#L70-L72) and doc block says "@param string $message Main message, must be html encoded before calling"
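The trade-off discussed in this thread, as an added PHP example that is not part of the pull request or of Piwik's code: untrusted text is encoded where the message is built, the renderer trusts its "must be html encoded before calling" contract, and tags are stripped only for CLI output. The function names and the sample message are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not Piwik's API.

// Encode the untrusted part where the message is built, so the trusted
// markup (<b>, <br>) placed around it survives rendering.
function buildErrorMessage(string $untrustedDetail): string
{
    $safe = htmlspecialchars($untrustedDetail, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<b>Error:</b> could not connect to the database.<br>Detail: ' . $safe;
}

// Renderer whose contract is "message must be HTML encoded before calling".
function renderErrorMessage(string $encodedMessage, bool $isCli): string
{
    if (!$isCli) {
        return $encodedMessage; // web: bold and line break are kept
    }
    // CLI: <br> becomes a newline, remaining tags are dropped, and only then
    // are entities decoded, so encoded user input is not mistaken for a tag.
    $text = preg_replace('#<br\s*/?>#i', "\n", $encodedMessage);
    return html_entity_decode(strip_tags($text), ENT_QUOTES, 'UTF-8');
}

// Constructed sample: exception text carrying markup from user input.
$detail  = "Access denied for user '<u>admin</u>'@'localhost'";
$message = buildErrorMessage($detail);

echo "--- web ---\n", renderErrorMessage($message, false), "\n\n";
echo "--- cli ---\n", renderErrorMessage($message, true), "\n\n";

// Encoding again at the sink double-encodes the detail and turns the
// trusted <b>/<br> into visible text, which is the regression noted above.
echo "--- htmlentities at the sink ---\n";
echo htmlentities($message, ENT_QUOTES, 'UTF-8'), "\n";
```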

This Pull Request was closed on June 26th 2015