
Commit 0a42f85

committed
ConnectionPanel: uses Tracy\Helpers::escapeHtml()
1 parent 76ae9d3 commit 0a42f85


2 files changed

+12
-9
lines changed


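--- a/src/Bridges/DatabaseTracy/templates/ConnectionPanel.panel.phtml
+++ b/src/Bridges/DatabaseTracy/templates/ConnectionPanel.panel.phtml
@@ -3,8 +3,9 @@ declare(strict_types=1);
 
 namespace Nette\Bridges\DatabaseTracy;
 
-use Nette\Database\Helpers;
+use Nette\Database\Helpers as DbHelpers;
 use Tracy;
+use Tracy\Helpers;
 
 ?>
 <style class="tracy-debug">
@@ -13,8 +14,8 @@ use Tracy;
 #tracy-debug .nette-DbConnectionPanel-explain td { white-space: pre }
 </style>
 
-<h1 title="<?= htmlspecialchars($connection->getDsn(), ENT_QUOTES, 'UTF-8') ?>">Queries: <?php
-echo $count, ($totalTime ? sprintf(', time: %0.3f ms', $totalTime * 1000) : ''), ', ', htmlspecialchars($name, ENT_NOQUOTES, 'UTF-8') ?></h1>
+<h1 title="<?= Helpers::escapeHtml($connection->getDsn()) ?>">Queries: <?php
+echo $count, ($totalTime ? sprintf(', time: %0.3f ms', $totalTime * 1000) : ''), ', ', Helpers::escapeHtml($name) ?></h1>
 
 <div class="tracy-inner">
 <div class="tracy-inner-container">
@@ -27,31 +28,31 @@ use Tracy;
 <tr>
 <td>
 <?php if ($error): ?>
-<span title="<?= htmlspecialchars($error, ENT_IGNORE | ENT_QUOTES, 'UTF-8') ?>">ERROR</span>
+<span title="<?= Helpers::escapeHtml($error) ?>">ERROR</span>
 <?php elseif ($time !== null): echo sprintf('%0.3f', $time * 1000); endif ?>
 <?php if ($explain): ?>
 <br /><a class="tracy-toggle tracy-collapsed" data-tracy-ref="^tr .nette-DbConnectionPanel-explain">explain</a>
 <?php endif ?>
 </td>
-<td class="nette-DbConnectionPanel-sql"><?= Helpers::dumpSql($sql, $params, $connection) ?>
+<td class="nette-DbConnectionPanel-sql"><?= DbHelpers::dumpSql($sql, $params, $connection) ?>
 <?php if ($explain): ?>
 <table class="tracy-collapsed nette-DbConnectionPanel-explain">
 <tr>
 <?php foreach ($explain[0] as $col => $foo): ?>
-<th><?= htmlspecialchars((string) $col, ENT_NOQUOTES, 'UTF-8') ?></th>
+<th><?= Helpers::escapeHtml($col) ?></th>
 <?php endforeach ?>
 </tr>
 <?php foreach ($explain as $row): ?>
 <tr>
 <?php foreach ($row as $col): ?>
-<td><?= htmlspecialchars((string) $col, ENT_NOQUOTES, 'UTF-8') ?></td>
+<td><?= Helpers::escapeHtml($col) ?></td>
 <?php endforeach ?>
 </tr>
 <?php endforeach ?>
 </table>
 <?php endif ?>
 <?php if ($source) {
-echo substr_replace(Tracy\Helpers::editorLink($source[0], $source[1]), ' class="nette-DbConnectionPanel-source"', 2, 0);
+echo substr_replace(Helpers::editorLink($source[0], $source[1]), ' class="nette-DbConnectionPanel-source"', 2, 0);
 } ?>
 </td>
 <td><?= $rows ?></td>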
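Review bot: The double-quoted `title` attributes on the `<h1>` (DSN) and the ERROR `<span>` (`$error`) no longer pass `ENT_QUOTES` themselves and now depend on `Tracy\Helpers::escapeHtml()` escaping both quote characters, which this diff does not show; the same holds for the `title` in ConnectionPanel.tab.phtml. As far as I know the helper calls `htmlspecialchars` with `ENT_QUOTES | ENT_SUBSTITUTE`, so this should be safe, but it is worth checking against the oldest Tracy version the package's constraints allow. The bare name `Helpers` also changes meaning to `Tracy\Helpers`, so any `Helpers::` call in the template lines outside these three hunks that still refers to `Nette\Database\Helpers` would resolve to the wrong class. I would add a one-line comment above the raw `<?= DbHelpers::dumpSql(...) ?>` echo, e.g. `<?php // dumpSql() output is echoed raw: it is expected to return already-escaped HTML ?>`, so that the raw echo is visibly intentional.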

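--- a/src/Bridges/DatabaseTracy/templates/ConnectionPanel.tab.phtml
+++ b/src/Bridges/DatabaseTracy/templates/ConnectionPanel.tab.phtml
@@ -3,8 +3,10 @@ declare(strict_types=1);
 
 namespace Nette\Bridges\DatabaseTracy;
 
+use Tracy\Helpers;
+
 ?>
-<span title="Nette\Database <?= htmlspecialchars($name, ENT_QUOTES, 'UTF-8') ?>">
+<span title="Nette\Database <?= Helpers::escapeHtml($name) ?>">
 <svg viewBox="0 0 2048 2048"><path fill="<?= $count ? '#b079d6' : '#aaa' ?>" d="M1024 896q237 0 443-43t325-127v170q0 69-103 128t-280 93.5-385 34.5-385-34.5-280-93.5-103-128v-170q119 84 325 127t443 43zm0 768q237 0 443-43t325-127v170q0 69-103 128t-280 93.5-385 34.5-385-34.5-280-93.5-103-128v-170q119 84 325 127t443 43zm0-384q237 0 443-43t325-127v170q0 69-103 128t-280 93.5-385 34.5-385-34.5-280-93.5-103-128v-170q119 84 325 127t443 43zm0-1152q208 0 385 34.5t280 93.5 103 128v128q0 69-103 128t-280 93.5-385 34.5-385-34.5-280-93.5-103-128v-128q0-69 103-128t280-93.5 385-34.5z"/>
 </svg><span class="tracy-label"><?= ($totalTime ? sprintf('%0.1f ms / ', $totalTime * 1000) : '') . $count ?></span>
 </span>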
