escape view parameter

Manuel Raynaud
2013-10-09 09:05:48 +02:00
parent e8fd822795
commit d866ffaaf5
2 changed files with 3 additions and 3 deletions


@@ -212,14 +212,14 @@ class SmartyParser extends Smarty implements ParserInterface
$templateDir = realpath(THELIA_TEMPLATE_DIR . rtrim($this->template, "/") . "/");
if (strpos($pathFileName, $templateDir) !== 0) {
throw new ResourceNotFoundException(sprintf("'%s' view does not exists", $file));
throw new ResourceNotFoundException(sprintf("'%s' view does not exists", htmlspecialchars($file)));
}
if (!file_exists($fileName)) {
$fileName .= ".html";
if (!file_exists($fileName)) {
throw new ResourceNotFoundException(sprintf("'%s' file not found in %s template", $file, $this->template));
throw new ResourceNotFoundException(sprintf("'%s' file not found in %s template", htmlspecialchars($file), $this->template));
}
}