ZF-11130: Default Zend_Tool generated ErrorController view script should escape request variables when in development mode

Issue Type: Bug Created: 2011-03-02T07:47:09.000+0000 Last Updated: 2011-03-02T07:55:35.000+0000 Status: Resolved Fix version(s): - 1.11.4 (03/Mar/11)

Reporter: Ralph Schindler (ralph) Assignee: Ralph Schindler (ralph) Tags: - Zend_Tool

Related issues: Attachments:


<pre class="highlight">
<?php echo var_export($this->request->getParams(), true) ?>

should be replaced with

<pre class="highlight">
<?php echo htmlspecialchars(var_export($this->request->getParams(), true), ENT_QUOTES, "UTF-8") ?>


Posted by Ralph Schindler (ralph) on 2011-03-02T07:55:35.000+0000

Fixed in trunk at r23786 and in release branch 1.11 in r23787

Have you found an issue?

See the Overview section for more details.


© 2006-2016 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.