Escape SSI virtual in generated response

Jérémy Derussé · Jérémy Derussé · commit 464ea3a7dc2d · 2014-09-04T20:59:01.000+02:00
diff --git a/HttpCache/Ssi.php b/HttpCache/Ssi.php
@@ -188,10 +188,8 @@ private function handleIncludeTag($attributes)
             throw new \RuntimeException('Unable to process an SSI tag without a "virtual" attribute.');
         }
 
-        return sprintf('<?php echo $this->surrogate->handle($this, \'%s\', \'%s\', %s) ?>' . "\n",
-            $options['virtual'],
-            '',
-            'false'
+        return sprintf('<?php echo $this->surrogate->handle($this, %s, \'\', false) ?>' . "\n",
+            var_export($options['virtual'], true)
         );
     }
 }
diff --git a/Tests/HttpCache/SsiTest.php b/Tests/HttpCache/SsiTest.php
@@ -101,6 +101,11 @@ public function testProcess()
 
         $this->assertEquals('foo <?php echo $this->surrogate->handle($this, \'...\', \'\', false) ?>'."\n", $response->getContent());
         $this->assertEquals('SSI', $response->headers->get('x-body-eval'));
+
+        $response = new Response('foo <!--#include virtual="foo\'" -->');
+        $ssi->process($request, $response);
+
+        $this->assertEquals("foo <?php echo \$this->surrogate->handle(\$this, 'foo\\'', '', false) ?>"."\n", $response->getContent());
     }
 
     public function testProcessEscapesPhpTags()

Original file line number	Diff line number	Diff line change
`@@ -188,10 +188,8 @@ private function handleIncludeTag($attributes)`
`188`	`188`	`throw new \RuntimeException('Unable to process an SSI tag without a "virtual" attribute.');`
`189`	`189`	`}`
`190`	`190`
`191`		`- return sprintf('<?php echo $this->surrogate->handle($this, \'%s\', \'%s\', %s) ?>' . "\n",`
`192`		`- $options['virtual'],`
`193`		`- '',`
`194`		`- 'false'`
	`191`	`+ return sprintf('<?php echo $this->surrogate->handle($this, %s, \'\', false) ?>' . "\n",`
	`192`	`+ var_export($options['virtual'], true)`
`195`	`193`	`);`
`196`	`194`	`}`
`197`	`195`	`}`