
Commit 14ca4e4

committed
RoutingPanel: uses Tracy\Helpers::escapeHtml()
1 parent 1bfeb5f commit 14ca4e4


2 files changed

+13
-11
lines changed


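--- a/src/Bridges/ApplicationTracy/templates/RoutingPanel.panel.phtml
+++ b/src/Bridges/ApplicationTracy/templates/RoutingPanel.panel.phtml
@@ -6,6 +6,7 @@ namespace Nette\Bridges\ApplicationTracy;
 use Nette\Application\UI\Presenter;
 use Tracy;
 use Tracy\Dumper;
+use Tracy\Helpers;
 
 ?>
 <style class="tracy-debug">
@@ -36,7 +37,7 @@ use Tracy\Dumper;
 <?php if ($matched === null): ?>
 no route
 <?php elseif (isset($matched[Presenter::PRESENTER_KEY])): ?>
-<?= htmlspecialchars($matched[Presenter::PRESENTER_KEY] . ':' . (isset($matched[Presenter::ACTION_KEY]) ? $matched[Presenter::ACTION_KEY] : Presenter::DEFAULT_ACTION) . (isset($matched[Presenter::SIGNAL_KEY]) ? " {$matched[Presenter::SIGNAL_KEY]}!" : ''), ENT_NOQUOTES, 'UTF-8') ?>
+<?= Helpers::escapeHtml($matched[Presenter::PRESENTER_KEY] . ':' . (isset($matched[Presenter::ACTION_KEY]) ? $matched[Presenter::ACTION_KEY] : Presenter::DEFAULT_ACTION) . (isset($matched[Presenter::SIGNAL_KEY]) ? " {$matched[Presenter::SIGNAL_KEY]}!" : '')) ?>
 <?php endif ?>
 </h1>
 
@@ -62,37 +63,37 @@ use Tracy\Dumper;
 <tr class="<?= $router['matched'] ?>">
 <td><?= $router['matched'] === 'yes' ? '' : ($router['matched'] === 'may' ? '' : '') ?></td>
 
-<td><code title="<?= htmlspecialchars($router['class'], ENT_QUOTES, 'UTF-8') ?>"><?= htmlspecialchars($router['mask'] ?? $router['class'], ENT_NOQUOTES, 'UTF-8') ?></code></td>
+<td><code title="<?= Helpers::escapeHtml($router['class']) ?>"><?= Helpers::escapeHtml($router['mask'] ?? $router['class']) ?></code></td>
 
 <td><code>
 <?php foreach ($router['defaults'] as $key => $value): ?>
-<?= htmlspecialchars((string) $key, ENT_IGNORE, 'UTF-8'), '&nbsp;=&nbsp;', is_string($value) ? htmlspecialchars($value, ENT_IGNORE, 'UTF-8') . '<br />' : Dumper::toHtml($value, [Dumper::COLLAPSE => true, Dumper::LIVE => true]) ?>
+<?= Helpers::escapeHtml($key), '&nbsp;=&nbsp;', is_string($value) ? Helpers::escapeHtml($value) . '<br />' : Dumper::toHtml($value, [Dumper::COLLAPSE => true, Dumper::LIVE => true]) ?>
 <?php endforeach ?>
 </code></td>
 
-<?php if ($hasModule): ?><td><code><?= htmlspecialchars($router['module'], ENT_NOQUOTES, 'UTF-8') ?></code></td><?php endif ?>
+<?php if ($hasModule): ?><td><code><?= Helpers::escapeHtml($router['module']) ?></code></td><?php endif ?>
 
 <td><?php if ($router['params']): ?><code>
 <?php $params = $router['params']; ?>
 <?php if (isset($params[Presenter::PRESENTER_KEY])): ?>
-<strong><?= htmlspecialchars($params['presenter'] . ':' . (isset($params[Presenter::ACTION_KEY]) ? $params[Presenter::ACTION_KEY] : Presenter::DEFAULT_ACTION), ENT_NOQUOTES, 'UTF-8') ?></strong><br />
+<strong><?= Helpers::escapeHtml($params['presenter'] . ':' . (isset($params[Presenter::ACTION_KEY]) ? $params[Presenter::ACTION_KEY] : Presenter::DEFAULT_ACTION)) ?></strong><br />
 <?php unset($params[Presenter::PRESENTER_KEY], $params[Presenter::ACTION_KEY]) ?>
 <?php endif ?>
 <?php foreach ($params as $key => $value): ?>
-<?= htmlspecialchars((string) $key, ENT_IGNORE, 'UTF-8'), '&nbsp;=&nbsp;', is_string($value) ? htmlspecialchars($value, ENT_IGNORE, 'UTF-8') . '<br />' : Dumper::toHtml($value, [Dumper::COLLAPSE => true, Dumper::LIVE => true]) ?>
+<?= Helpers::escapeHtml($key), '&nbsp;=&nbsp;', is_string($value) ? Helpers::escapeHtml($value) . '<br />' : Dumper::toHtml($value, [Dumper::COLLAPSE => true, Dumper::LIVE => true]) ?>
 <?php endforeach ?>
-</code><?php elseif ($router['error']): ?><strong><?= htmlspecialchars($router['error']->getMessage(), ENT_IGNORE, 'UTF-8') ?></strong><?php endif ?></td>
+</code><?php elseif ($router['error']): ?><strong><?= Helpers::escapeHtml($router['error']->getMessage()) ?></strong><?php endif ?></td>
 </tr>
 <?php endforeach ?>
 </tbody>
 </table>
 <?php endif ?>
 
-<p><code><?= htmlspecialchars($method, ENT_IGNORE, 'UTF-8') ?></code>
-<code><?= htmlspecialchars($url->getBaseUrl(), ENT_IGNORE, 'UTF-8') ?><span class="nette-RoutingPanel-rel"><?= htmlspecialchars($url->getRelativeUrl(), ENT_IGNORE, 'UTF-8') ?></span></code></p>
+<p><code><?= Helpers::escapeHtml($method) ?></code>
+<code><?= Helpers::escapeHtml($url->getBaseUrl()) ?><span class="nette-RoutingPanel-rel"><?= Helpers::escapeHtml($url->getRelativeUrl()) ?></span></code></p>
 
 <?php if ($source): ?>
-<p><a href="<?= htmlspecialchars(Tracy\Helpers::editorUri($source->getFileName(), $source->getStartLine()), ENT_QUOTES, 'UTF-8') ?>"><?= $source instanceof \ReflectionClass ? $source->getName() : $source->getDeclaringClass()->getName() . '::' . $source->getName() . '()' ?></a></p>
+<p><a href="<?= Helpers::escapeHtml(Tracy\Helpers::editorUri($source->getFileName(), $source->getStartLine())) ?>"><?= $source instanceof \ReflectionClass ? $source->getName() : $source->getDeclaringClass()->getName() . '::' . $source->getName() . '()' ?></a></p>
 <?php endif ?>
 </div>
 </div>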
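Review bot: The two attribute contexts, `title="…"` at new line 66 and `href="…"` at new line 96, previously passed `ENT_QUOTES` explicitly and now depend entirely on the flags inside `Helpers::escapeHtml()`, whose body is not visible on this page. Since the same helper now also replaces the `ENT_NOQUOTES` and `ENT_IGNORE` text-context calls, it is worth confirming, or pinning with a test, that it escapes both `"` and `'`. The `(string)` cast on `$key` was also dropped at new lines 70 and 83; if this template runs under `strict_types=1` (as the tab template does) and the helper's parameter is typed `string`, an integer array key would raise a `TypeError`, so either keep `Helpers::escapeHtml((string) $key)` or verify the helper accepts non-strings. As a style point, new line 96 still spells out `Tracy\Helpers::editorUri(...)` inside `Helpers::escapeHtml(...)`; `Helpers::editorUri(...)` would use the new import consistently.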

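--- a/src/Bridges/ApplicationTracy/templates/RoutingPanel.tab.phtml
+++ b/src/Bridges/ApplicationTracy/templates/RoutingPanel.tab.phtml
@@ -4,11 +4,12 @@ declare(strict_types=1);
 namespace Nette\Bridges\ApplicationTracy;
 
 use Nette\Application\UI\Presenter;
+use Tracy\Helpers;
 
 ?>
 <span title="Router">
 <svg viewBox="0 0 2048 2048">
 <path fill="#d86b01" d="m1559.7 1024c0 17-6 32-19 45l-670 694.48c-13 13-28 19-45 19s-32-6-45-19-19-28-19-45v-306.48h-438.52c-17 0-32-6-45-19s-19-28-19-45v-642c0-17 6-32 19-45s28-19 45-19h438.52v-309.41c0-17 6-32 19-45s28-19 45-19 32 6 45 19l670 691.41c13 13 19 28 19 45z"/>
 <path d="m1914.7 1505c0 79-31 147-87 204-56 56-124 85-203 85h-320c-9 0-16-3-22-9-14-23-21-90 3-110 5-4 12-6 21-6h320c44 0 82-16 113-47s47-69 47-113v-962c0-44-16-82-47-113s-69-47-113-47h-312c-11 0-21-3-30-9-15-25-21-90 3-110 5-4 12-6 21-6h320c79 0 147 28 204 85 56 56 82 124 82 204-9 272 9 649 0 954z" fill-opacity=".5" fill="#d86b01"/>
-</svg><span class="tracy-label"><?php if ($matched === null): ?>no route<?php elseif (isset($matched[Presenter::PRESENTER_KEY])): echo htmlspecialchars($matched[Presenter::PRESENTER_KEY] . ':' . (isset($matched[Presenter::ACTION_KEY]) ? $matched[Presenter::ACTION_KEY] : Presenter::DEFAULT_ACTION) . (isset($matched[Presenter::SIGNAL_KEY]) ? " {$matched[Presenter::SIGNAL_KEY]}!" : ''), ENT_NOQUOTES, 'UTF-8'); endif ?></span>
+</svg><span class="tracy-label"><?php if ($matched === null): ?>no route<?php elseif (isset($matched[Presenter::PRESENTER_KEY])): echo Helpers::escapeHtml($matched[Presenter::PRESENTER_KEY] . ':' . (isset($matched[Presenter::ACTION_KEY]) ? $matched[Presenter::ACTION_KEY] : Presenter::DEFAULT_ACTION) . (isset($matched[Presenter::SIGNAL_KEY]) ? " {$matched[Presenter::SIGNAL_KEY]}!" : '')); endif ?></span>
 </span>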
