MDL-14679 fixed double encoding of html entities in debuginfo coming from the dml...

author Petr Skoda <skodak@moodle.org>

Sat, 20 Mar 2010 13:46:15 +0000 (13:46 +0000)

committer Petr Skoda <skodak@moodle.org>

Sat, 20 Mar 2010 13:46:15 +0000 (13:46 +0000)
author Petr Skoda <skodak@moodle.org>
Sat, 20 Mar 2010 13:46:15 +0000 (13:46 +0000)
committer Petr Skoda <skodak@moodle.org>
Sat, 20 Mar 2010 13:46:15 +0000 (13:46 +0000)
diff --git a/lib/ddllib.php b/lib/ddllib.php

index 75b069a..3e25116 100644 (file)
--- a/lib/ddllib.php
+++ b/lib/ddllib.php
@@ -126,7 +126,7 @@ class ddl_change_structure_exception extends ddl_exception {
      function __construct($error, $sql=null) {
          $this->error = $error;
          $this->sql   = $sql;
-        $errorinfo   = s($error).'<br /><br />'.s($sql);
+        $errorinfo   = $error."\n".$sql;
          parent::__construct('ddlexecuteerror', NULL, $errorinfo);
      }
  }
diff --git a/lib/dmllib.php b/lib/dmllib.php

index e418d37..5f25341 100644 (file)
--- a/lib/dmllib.php
+++ b/lib/dmllib.php
@@ -71,7 +71,7 @@ class dml_connection_exception extends dml_exception {
       * @param string $error
       */
      function __construct($error) {
-        $errorinfo = '<em>'.s($error).'</em>';
+        $errorinfo = $error;
          parent::__construct('dbconnectionfailed', NULL, $errorinfo);
      }
  }
@@ -97,7 +97,7 @@ class dml_read_exception extends dml_exception {
          $this->error  = $error;
          $this->sql    = $sql;
          $this->params = $params;
-        $errorinfo = s($error).'<br /><br />'.s($sql).'<br />['.s(var_export($params, true)).']';
+        $errorinfo = $error."\n".$sql."\n[".var_export($params, true).']';
          parent::__construct('dmlreadexception', NULL, $errorinfo);
      }
  }
@@ -118,7 +118,7 @@ class dml_multiple_records_exception extends dml_exception {
       * @param array $params
       */
      function __construct($sql='', array $params=null) {
-        $errorinfo = s($sql).'<br />['.s(var_export($params, true)).']';
+        $errorinfo = $sql."\n[".var_export($params, true).']';
          parent::__construct('multiplerecordsfound', null, $errorinfo);
      }
  }
@@ -165,7 +165,7 @@ class dml_missing_record_exception extends dml_exception {
                  $errcode = 'invalidrecord';
                  break;
          }
-        $errorinfo = s($sql).'<br />['.s(var_export($params, true)).']';
+        $errorinfo = $sql."\n[".var_export($params, true).']';
          parent::__construct($errcode, $tablename, $errorinfo);
      }
  }
@@ -191,7 +191,7 @@ class dml_write_exception extends dml_exception {
          $this->error  = $error;
          $this->sql    = $sql;
          $this->params = $params;
-        $errorinfo = s($error).'<br /><br />'.s($sql).'<br />['.s(var_export($params, true)).']';
+        $errorinfo = $error."\n".$sql."\n[".var_export($params, true).']';
          parent::__construct('dmlwriteexception', NULL, $errorinfo);
      }
  }
diff --git a/lib/outputrenderers.php b/lib/outputrenderers.php

index 36159a8..2b21610 100644 (file)
--- a/lib/outputrenderers.php
+++ b/lib/outputrenderers.php
@@ -1698,7 +1698,9 @@ END;
  
          if (debugging('', DEBUG_DEVELOPER)) {
              if (!empty($debuginfo)) {
-                $output .= $this->notification('<strong>Debug info:</strong> '.s($debuginfo), 'notifytiny');
+                $debuginfo = s($debuginfo); // removes all nasty JS
+                $debuginfo = str_replace("\n", '<br />', $debuginfo); // keep newlines
+                $output .= $this->notification('<strong>Debug info:</strong> '.$debuginfo, 'notifytiny');
              }
              if (!empty($backtrace)) {
                  $output .= $this->notification('<strong>Stack trace:</strong> '.format_backtrace($backtrace), 'notifytiny');
diff --git a/lib/setuplib.php b/lib/setuplib.php

index 9ef3b0c..dc4979d 100644 (file)
--- a/lib/setuplib.php
+++ b/lib/setuplib.php
@@ -933,7 +933,9 @@ width: 80%; -moz-border-radius: 20px; padding: 15px">
  </div>';
          if (!empty($CFG->debug) && $CFG->debug >= DEBUG_DEVELOPER) {
              if (!empty($debuginfo)) {
-                $content .= '<div class="notifytiny">Debug info: ' . s($debuginfo) . '</div>';
+                $debuginfo = s($debuginfo); // removes all nasty JS
+                $debuginfo = str_replace("\n", '<br />', $debuginfo); // keep newlines
+                $content .= '<div class="notifytiny">Debug info: ' . $debuginfo . '</div>';
              }
              if (!empty($backtrace)) {
                  $content .= '<div class="notifytiny">Stack trace: ' . format_backtrace($backtrace, false) . '</div>';
author	Petr Skoda <skodak@moodle.org>
	Sat, 20 Mar 2010 13:46:15 +0000 (13:46 +0000)
committer	Petr Skoda <skodak@moodle.org>
	Sat, 20 Mar 2010 13:46:15 +0000 (13:46 +0000)
lib/ddllib.php		patch \| blob \| blame \| history
lib/dmllib.php		patch \| blob \| blame \| history
lib/outputrenderers.php		patch \| blob \| blame \| history
lib/setuplib.php		patch \| blob \| blame \| history