-rw-r--r-- | includes/errors.inc | 2 | ||||
-rw-r--r-- | modules/simpletest/tests/system_test.module | 6 | ||||
-rw-r--r-- | modules/system/system.test | 4 |
3 files changed, 11 insertions, 1 deletions
diff --git a/includes/errors.inc b/includes/errors.inc
index 96bf8fdb2..990f60cfd 100644
--- a/includes/errors.inc
+++ b/includes/errors.inc
@@ -135,7 +135,7 @@ function _drupal_decode_exception($exception) {
 * An error message.
 */
 function _drupal_render_exception_safe($exception) {
- return strtr('%type: %message in %function (line %line of %file).', _drupal_decode_exception($exception));
+ return check_plain(strtr('%type: %message in %function (line %line of %file).', _drupal_decode_exception($exception)));
 }
 
 /**
diff --git a/modules/simpletest/tests/system_test.module b/modules/simpletest/tests/system_test.module
index b902fd6ca..1209015fb 100644
--- a/modules/simpletest/tests/system_test.module
+++ b/modules/simpletest/tests/system_test.module
@@ -303,5 +303,11 @@ function _system_test_second_shutdown_function($arg1, $arg2) {
 // Output something, page has already been printed and the session stored
 // so we can't use drupal_set_message.
 print t('Second shutdown function, arg1 : @arg1, arg2: @arg2', array('@arg1' => $arg1, '@arg2' => $arg2));
+
+ // Throw an exception with an HTML tag. Since this is called in a shutdown
+ // function, it will not bubble up to the default exception handler but will
+ // be catched in _drupal_shutdown_function() and be displayed through
+ // _drupal_render_exception_safe().
+ throw new Exception('Drupal is <blink>awesome</blink>.');
 }
 
diff --git a/modules/system/system.test b/modules/system/system.test
index b2da62566..c97c50914 100644
--- a/modules/system/system.test
+++ b/modules/system/system.test
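Review bot: The docblock above `_drupal_render_exception_safe()` still describes the return value only as "An error message.", although the new line returns it passed through `check_plain()`. Callers need to know the string is already HTML-escaped so that they neither escape it again nor treat it as markup. I would change the return description to `An error message, escaped with check_plain() and safe to print in an HTML page.` The body of `_drupal_decode_exception()` is outside this hunk, so it is worth confirming that none of the placeholder values it returns is escaped already, because wrapping the whole string would then double-encode that value. The docblock itself starts above the hunk.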
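Review bot: The added comment in `_system_test_second_shutdown_function()` says the exception will "be catched"; the line should read `// be caught in _drupal_shutdown_function() and be displayed through`. The `throw` is unconditional and is the last statement, so every request that reaches this callback now ends in an exception. The function's docblock, which lies outside the hunk, should say so, for example `Always throws an Exception whose message contains an HTML tag, to exercise _drupal_render_exception_safe().` The fixture message contains only `<` and `>`, so the escaping of `&` and of quote characters is not exercised by this test data.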
@@ -1818,6 +1818,10 @@ class ShutdownFunctionsTest extends DrupalWebTestCase {
 $this->drupalGet('system-test/shutdown-functions/' . $arg1 . '/' . $arg2);
 $this->assertText(t('First shutdown function, arg1 : @arg1, arg2: @arg2', array('@arg1' => $arg1, '@arg2' => $arg2)));
 $this->assertText(t('Second shutdown function, arg1 : @arg1, arg2: @arg2', array('@arg1' => $arg1, '@arg2' => $arg2)));
+
+ // Make sure exceptions displayed through _drupal_render_exception_safe()
+ // are correctly escaped.
+ $this->assertText('Drupal is <blink>awesome</blink>.');
 }
 }
 
|
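Review bot: The new `assertText()` call searches for the unescaped string, so on its own it does not show that the tag was encoded in the response. How `assertText()` normalises the page before matching is not visible here; depending on that, the assertion may pass whether or not the output was escaped, or fail on correctly escaped output. Asserting on the raw response pins the behaviour: `$this->assertRaw(check_plain('Drupal is <blink>awesome</blink>.'));` together with `$this->assertNoRaw('<blink>awesome</blink>');`. The test method begins above the hunk.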