|
Revision 8201, 0.9 kB
(checked in by fabien, 5 years ago)
|
removed 'bc' escaping strategy (upgrade is needed)
- removed 'bc' escaping strategy as it gave a false sense of security (you were only secure by using $sf_data everywhere in templates!)
- added 2 new options to the generate:app task (--escaping-strategy and --csrf-secret) to configure the level of security when creating a new application
- default escaping strategy is now false (was bc before)
- the sf_content variable is not escaped anymore (so the layout can now just echo $sf_content - upgrade task makes the changes for you)
- the form_csrf_secret has been renamed to csrf_secret
- updated the unit tests accordingly
|
- Property svn:mime-type set to
text/x-php
- Property svn:eol-style set to
native
- Property svn:keywords set to
Id
|
| Line | |
|---|
| 1 |
<?php |
|---|
| 2 |
|
|---|
| 3 |
|
|---|
| 4 |
|
|---|
| 5 |
|
|---|
| 6 |
|
|---|
| 7 |
|
|---|
| 8 |
|
|---|
| 9 |
|
|---|
| 10 |
|
|---|
| 11 |
|
|---|
| 12 |
|
|---|
| 13 |
|
|---|
| 14 |
|
|---|
| 15 |
|
|---|
| 16 |
|
|---|
| 17 |
|
|---|
| 18 |
|
|---|
| 19 |
class sfLayoutUpgrade extends sfUpgrade |
|---|
| 20 |
{ |
|---|
| 21 |
public function upgrade() |
|---|
| 22 |
{ |
|---|
| 23 |
$finder = $this->getFinder('file')->name('*.php'); |
|---|
| 24 |
foreach ($finder->in(glob(sfConfig::get('sf_apps_dir').'/*/templates')) as $file) |
|---|
| 25 |
{ |
|---|
| 26 |
$content = file_get_contents($file); |
|---|
| 27 |
$content = preg_replace('#\$sf_data\->getRaw\(\'sf_content\'\)#s', '$sf_content', $content, -1, $count); |
|---|
| 28 |
if ($count) |
|---|
| 29 |
{ |
|---|
| 30 |
$this->logSection('layout', sprintf('Migrating %s', $file)); |
|---|
| 31 |
file_put_contents($file, $content); |
|---|
| 32 |
} |
|---|
| 33 |
} |
|---|
| 34 |
} |
|---|
| 35 |
} |
|---|
| 36 |
|
|---|
