mirror of
https://github.com/getgrav/grav.git
synced 2025-02-20 19:56:53 +01:00
Fixed unescaped error messages in JSON error responses
parent
3d0d836d92
commit
a723bcdb46
|
|
@ -2,10 +2,11 @@
|
|||
## mm/dd/2021
|
||||
|
||||
1. [](#improved)
|
||||
* Use Symfony `dump` instead of PHP's `vardump` in side the `{{ vardump(x) }}` Twig vardump function
|
||||
* Added `route` and `request` to `onPagesInitialized` event
|
||||
* Improved page cloning, added method `Page::initialize()`
|
||||
|
||||
* Use Symfony `dump` instead of PHP's `vardump` in side the `{{ vardump(x) }}` Twig vardump function
|
||||
* Added `route` and `request` to `onPagesInitialized` event
|
||||
* Improved page cloning, added method `Page::initialize()`
|
||||
2. [](#bugfix)
|
||||
* Fixed unescaped error messages in JSON error responses
|
||||
|
||||
# v1.7.24
|
||||
## 10/26/2021
|
||||
|
|
|
|||
|
|
@ -203,7 +203,7 @@ trait ControllerResponseTrait
|
|||
protected function getErrorJson(Throwable $e): array
|
||||
{
|
||||
$code = $this->getErrorCode($e instanceof RequestException ? $e->getHttpCode() : $e->getCode());
|
||||
$message = $e->getMessage();
|
||||
$message = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8');
|
||||
$response = [
|
||||
'code' => $code,
|
||||
'status' => 'error',
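Review bot: The `htmlspecialchars()` call added in getErrorJson() passes `ENT_QUOTES | ENT_HTML5` without `ENT_SUBSTITUTE`, so an exception message containing an invalid UTF-8 sequence comes back as an empty string and the response loses its message entirely. I would change it to `$message = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');`; the same applies to the identical call in `Exceptions::process()`. A short comment such as `// HTML-escaped because clients may insert this message into markup; JSON encoding alone does not neutralise it` would also help, since consumers that render the value as plain text will now see entities and must not escape or decode it again. The rest of getErrorJson() lies outside the hunk, so whether other fields of the response still carry the raw message cannot be confirmed from here.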
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ namespace Grav\Framework\RequestHandler\Middlewares;
|
|||
use Grav\Common\Debugger;
|
||||
use Grav\Common\Grav;
|
||||
use Grav\Framework\Psr7\Response;
|
||||
use JsonException;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Psr\Http\Server\MiddlewareInterface;
|
||||
|
|
@ -27,15 +28,26 @@ use function get_class;
|
|||
*/
|
||||
class Exceptions implements MiddlewareInterface
|
||||
{
|
||||
/**
|
||||
* @param ServerRequestInterface $request
|
||||
* @param RequestHandlerInterface $handler
|
||||
* @return ResponseInterface
|
||||
* @throws JsonException
|
||||
*/
|
||||
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
|
||||
{
|
||||
try {
|
||||
return $handler->handle($request);
|
||||
} catch (Throwable $exception) {
|
||||
$code = $exception->getCode();
|
||||
$message = htmlspecialchars($exception->getMessage(), ENT_QUOTES | ENT_HTML5, 'UTF-8');
|
||||
$response = [
|
||||
'code' => $code,
|
||||
'status' => 'error',
|
||||
'message' => $message,
|
||||
'error' => [
|
||||
'code' => $exception->getCode(),
|
||||
'message' => $exception->getMessage(),
|
||||
'code' => $code,
|
||||
'message' => $message,
|
||||
]
|
||||
];
|
||||
|
||||
|
|
@ -51,9 +63,9 @@ class Exceptions implements MiddlewareInterface
|
|||
}
|
||||
|
||||
/** @var string $json */
|
||||
$json = json_encode($response);
|
||||
$json = json_encode($response, JSON_THROW_ON_ERROR);
|
||||
|
||||
return new Response($exception->getCode() ?: 500, ['Content-Type' => 'application/json'], $json);
|
||||
return new Response($code ?: 500, ['Content-Type' => 'application/json'], $json);
|
||||
}
|
||||
}
|
||||
}
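Review bot: `json_encode($response, JSON_THROW_ON_ERROR)` now sits inside the `catch (Throwable $exception)` branch of process(), so a payload that cannot be encoded raises a `JsonException` out of the last-resort error handler and the client gets no JSON error body at all. Consider `$json = json_encode($response, JSON_THROW_ON_ERROR | JSON_INVALID_UTF8_SUBSTITUTE);`, or catching `JsonException` locally and returning a fixed minimal payload. Separately, `new Response($code ?: 500, ...)` still uses the exception code as the HTTP status; exception codes are not constrained to valid status values, so a range check such as `$status = ($code >= 400 && $code < 600) ? $code : 500;` would be safer. The lines between the second and third hunks are not shown, so anything appended to `$response` there (presumably debug details) may still contain the unescaped message and is worth checking.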
|
||||
|
|
|
|||