Commit 74d6632d authored by xjm's avatar xjm

Issue #2564321 by alexpott: file_save_htaccess() generates error logs which are escaped incorrectly

parent 5e8523ec
......@@ -371,8 +371,8 @@ function file_save_htaccess($directory, $private = TRUE, $force_overwrite = FALS
return drupal_chmod($htaccess_path, 0444);
}
else {
$variables = array('%directory' => $directory, '!htaccess' => '<br />' . nl2br(Html::escape($htaccess_lines)));
\Drupal::logger('security')->error("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", $variables);
$variables = array('%directory' => $directory, '@htaccess' => $htaccess_lines);
\Drupal::logger('security')->error("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <pre><code>@htaccess</code></pre>", $variables);
return FALSE;
}
}
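Review bot: The move from `!htaccess` to `@htaccess` in the logger call is security-relevant, but nothing in the code says why, so a later edit could reintroduce a raw placeholder or a second manual `Html::escape()`. I would add a comment above the new `$variables` assignment, such as `// Pass the raw lines through the @ placeholder so they are escaped exactly once at render time; <pre> keeps the line breaks.` The message template still carries `<pre><code>` markup, so log backends that do not render HTML will presumably record those tags literally. It is worth confirming that this is acceptable for the 'security' channel. The body of file_save_htaccess() starts above this hunk, so how `$htaccess_lines` is built is not visible here.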
......
<?php
/**
* @file
* Contains \Drupal\system\Tests\File\FileSaveHtaccessLoggingTest.
*/
namespace Drupal\system\Tests\File;
use Drupal\Component\PhpStorage\FileStorage;
use Drupal\simpletest\WebTestBase;
/**
* Tests the log message added by file_save_htacess().
*
* @group File
*/
class FileSaveHtaccessLoggingTest extends WebTestBase {
protected static $modules = ['dblog'];
/**
* Tests file_save_htaccess().
*/
function testHtaccessSave() {
// Prepare test directories.
$private = $this->publicFilesDirectory . '/test/private';
// Verify that file_save_htaccess() returns FALSE if .htaccess cannot be
// written and writes a correctly formatted message to the error log. Set
// $private to TRUE so all possible .htaccess lines are written.
$this->assertFalse(file_save_htaccess($private, TRUE));
$this->drupalLogin($this->rootUser);
$this->drupalGet('admin/reports/dblog');
$this->clickLink("Security warning: Couldn't write .htaccess file. Please…");
$lines = FileStorage::htaccessLines(TRUE);
foreach (array_filter(explode("\n", $lines)) as $line) {
$this->assertEscaped($line);
}
}
}
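Review bot: The comment `// Prepare test directories.` in testHtaccessSave() is misleading, because nothing is created. The `assertFalse()` appears to hold only because `test/private` under the public files directory does not exist when file_save_htaccess() is called. I would state that dependency directly, e.g. `// Use a directory that does not exist so that writing .htaccess fails and the error is logged.` The class docblock also misspells the function as `file_save_htacess()`. The method has no explicit visibility, and `public function testHtaccessSave()` would be consistent with the declared `protected static $modules`.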