ZF-11130: Default Zend_Tool generated ErrorController view script should escape request variables when in development mode
Description
<?php echo var_export($this->request->getParams(), true) ?>
should be replaced with
<?php echo htmlspecialchars(var_export($this->request->getParams(), true), ENT_QUOTES, "UTF-8") ?>
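The effect of the proposed change, shown as an added example that is not part of the original issue or of Zend Framework's own code. The function names are hypothetical stand-ins for the two forms of the view-script line, `$params` is constructed sample data in place of `$this->request->getParams()`, and PHP 7 or later is assumed.

```php
<?php
// Added example: compares the original and the proposed output forms.

function dumpParamsRaw(array $params): string
{
    // Original generated form: the dump reaches the page unescaped.
    return var_export($params, true);
}

function dumpParamsEscaped(array $params): string
{
    // Form proposed in the issue: escape the whole dump for an HTML context.
    return htmlspecialchars(var_export($params, true), ENT_QUOTES, 'UTF-8');
}

function containsLiveMarkup(string $html): bool
{
    // True when a raw angle bracket or quote character survives in the output.
    return (bool) preg_match('/[<>"\']/', $html);
}

function check(bool $condition, string $message): void
{
    // Explicit check, because assert() can be disabled by zend.assertions.
    if (!$condition) {
        throw new RuntimeException($message);
    }
}

// Constructed request parameters, including a nested array value.
$params = [
    'controller' => 'index',
    'action'     => 'missing',
    'q'          => '<i>probe</i> "double" \'single\'',
    'filter'     => ['name' => '<b>nested</b>'],
];

$raw     = dumpParamsRaw($params);
$escaped = dumpParamsEscaped($params);

check(containsLiveMarkup($raw), 'raw dump should carry markup characters');
check(!containsLiveMarkup($escaped), 'escaped dump must not carry markup');
// Escaping is reversible, so the development view loses no diagnostic detail.
check(htmlspecialchars_decode($escaped, ENT_QUOTES) === $raw, 'round trip');

echo $escaped, PHP_EOL;
```

Because `var_export()` flattens nested arrays into one string before `htmlspecialchars()` runs, values at any depth are escaped in a single pass.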
Comments
Posted by Ralph Schindler (ralph) on 2011-03-02T07:55:35.000+0000
Fixed in trunk at r23786 and in release branch 1.11 in r23787