
Removed variable escaping in CakeErrorController::beforeRender(). Closes #3074

ADmad 13 years ago
parent
commit
8931b74ba2

+ 0 - 14
lib/Cake/Controller/CakeErrorController.php

@@ -66,18 +66,4 @@ class CakeErrorController extends AppController {
 		$this->_set(array('cacheAction' => false, 'viewPath' => 'Errors'));
 	}
 
-/**
- * Escapes the viewVars.
- *
- * @return void
- */
-	public function beforeRender() {
-		parent::beforeRender();
-		foreach ($this->viewVars as $key => $value) {
-			if (!is_object($value)) {
-				$this->viewVars[$key] = h($value);
-			}
-		}
-	}
-
 }

+ 4 - 4
lib/Cake/Error/ExceptionRenderer.php

@@ -184,7 +184,7 @@ class ExceptionRenderer {
 		$this->controller->set(array(
 			'code' => $code,
 			'url' => h($url),
-			'name' => $error->getMessage(),
+			'name' => h($error->getMessage()),
 			'error' => $error,
 			'_serialize' => array('code', 'url', 'name')
 		));
@@ -206,7 +206,7 @@ class ExceptionRenderer {
 		$url = $this->controller->request->here();
 		$this->controller->response->statusCode($error->getCode());
 		$this->controller->set(array(
-			'name' => $message,
+			'name' => h($message),
 			'url' => h($url),
 			'error' => $error,
 			'_serialize' => array('name', 'url')
@@ -229,7 +229,7 @@ class ExceptionRenderer {
 		$code = ($error->getCode() > 500 && $error->getCode() < 506) ? $error->getCode() : 500;
 		$this->controller->response->statusCode($code);
 		$this->controller->set(array(
-			'name' => $message,
+			'name' => h($message),
 			'message' => h($url),
 			'error' => $error,
 			'_serialize' => array('name', 'message')
@@ -250,7 +250,7 @@ class ExceptionRenderer {
 		$this->controller->set(array(
 			'code' => $code,
 			'url' => h($url),
-			'name' => $error->getMessage(),
+			'name' => h($error->getMessage()),
 			'error' => $error,
 			'_serialize' => array('code', 'url', 'name', 'error')
 		));
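Review bot: Escaping `name` with `h()` inside the controller `set()` calls ties the value to an HTML context while the same key is also listed in `_serialize` (`'_serialize' => array('code', 'url', 'name')`), so JSON or XML responses built from these view vars will carry HTML entities such as `&lt;` inside the error message rather than the raw text. The templates (e.g. `pdo_error.ctp` in this commit) now echo `$name` without `h()` on the assumption it was escaped here, so the two sides must stay in lock-step and nothing in the renderer records that. A comment above the first `set()` such as `// 'name' is HTML-escaped here because the error templates echo it raw; _serialize consumers receive the escaped form` would make the contract visible. The same applies to the hunks at -206, -229 and -250; the enclosing methods start and end outside the hunks.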

+ 1 - 1
lib/Cake/Test/Case/Error/ExceptionRendererTest.php

@@ -770,7 +770,7 @@ class ExceptionRendererTest extends CakeTestCase {
 
 		$this->assertContains('<h2>Database Error</h2>', $result);
 		$this->assertContains('There was an error in the SQL query', $result);
-		$this->assertContains('SELECT * from poo_query < 5 and :seven', $result);
+		$this->assertContains(h('SELECT * from poo_query < 5 and :seven'), $result);
 		$this->assertContains("'seven' => (int) 7", $result);
 	}
 }
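Review bot: The changed assertion only checks that the entity-escaped form of the query appears in `$result`; it would also pass on output that additionally contains the raw, unescaped string. Adding `$this->assertNotContains('SELECT * from poo_query < 5 and :seven', $result);` next to it pins the escaping behaviour this commit introduces instead of only the presence of the escaped text. The enclosing test method starts outside the hunk.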

+ 3 - 3
lib/Cake/View/Errors/pdo_error.ctp

@@ -19,17 +19,17 @@
 <h2><?php echo __d('cake_dev', 'Database Error'); ?></h2>
 <p class="error">
 	<strong><?php echo __d('cake_dev', 'Error'); ?>: </strong>
-	<?php echo h($error->getMessage()); ?>
+	<?php echo $name; ?>
 </p>
 <?php if (!empty($error->queryString)) : ?>
 	<p class="notice">
 		<strong><?php echo __d('cake_dev', 'SQL Query'); ?>: </strong>
-		<?php echo  $error->queryString; ?>
+		<?php echo h($error->queryString); ?>
 	</p>
 <?php endif; ?>
 <?php if (!empty($error->params)) : ?>
 		<strong><?php echo __d('cake_dev', 'SQL Query Params'); ?>: </strong>
-		<?php echo  Debugger::dump($error->params); ?>
+		<?php echo Debugger::dump($error->params); ?>
 <?php endif; ?>
 <p class="notice">
 	<strong><?php echo __d('cake_dev', 'Notice'); ?>: </strong>
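Review bot: `<?php echo $name; ?>` now emits a view variable without `h()`, relying on the renderer having escaped it before `set()`; any other code path that sets `name` for this template without escaping reintroduces HTML injection into the error page, and nothing in the template records that dependency. A one-line comment above the echo, such as `<?php // $name is pre-escaped by ExceptionRenderer; do not wrap in h() (double-encoding) ?>`, would document the contract. Separately, `Debugger::dump($error->params)` on the last changed line is still echoed without escaping while the neighbouring `queryString` now is; if the dump output is not already HTML-safe (not verifiable from this page), query parameters deserve the same treatment. The template continues past the end of this hunk.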