ConnectionPanel: uses Tracy\Helpers::escapeHtml()
dg committed Mar 11, 2019

1 parent 76ae9d3 commit 0a42f85
Showing 2 changed files with 12 additions and 9 deletions.
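--- a/src/Bridges/DatabaseTracy/templates/ConnectionPanel.panel.phtml
+++ b/src/Bridges/DatabaseTracy/templates/ConnectionPanel.panel.phtml
@@ -3,8 +3,9 @@ declare(strict_types=1);
 
 namespace Nette\Bridges\DatabaseTracy;
 
-use Nette\Database\Helpers;
+use Nette\Database\Helpers as DbHelpers;
 use Tracy;
+use Tracy\Helpers;
 
 ?>
 <style class="tracy-debug">
@@ -13,8 +14,8 @@ use Tracy;
 #tracy-debug .nette-DbConnectionPanel-explain td { white-space: pre }
 </style>
 
-<h1 title="<?= htmlspecialchars($connection->getDsn(), ENT_QUOTES, 'UTF-8') ?>">Queries: <?php
-echo $count, ($totalTime ? sprintf(', time: %0.3f ms', $totalTime * 1000) : ''), ', ', htmlspecialchars($name, ENT_NOQUOTES, 'UTF-8') ?></h1>
+<h1 title="<?= Helpers::escapeHtml($connection->getDsn()) ?>">Queries: <?php
+echo $count, ($totalTime ? sprintf(', time: %0.3f ms', $totalTime * 1000) : ''), ', ', Helpers::escapeHtml($name) ?></h1>
 
 <div class="tracy-inner">
 <div class="tracy-inner-container">
@@ -27,31 +28,31 @@ use Tracy;
 <tr>
 <td>
 <?php if ($error): ?>
-<span title="<?= htmlspecialchars($error, ENT_IGNORE | ENT_QUOTES, 'UTF-8') ?>">ERROR</span>
+<span title="<?= Helpers::escapeHtml($error) ?>">ERROR</span>
 <?php elseif ($time !== null): echo sprintf('%0.3f', $time * 1000); endif ?>
 <?php if ($explain): ?>
 <br /><a class="tracy-toggle tracy-collapsed" data-tracy-ref="^tr .nette-DbConnectionPanel-explain">explain</a>
 <?php endif ?>
 </td>
-<td class="nette-DbConnectionPanel-sql"><?= Helpers::dumpSql($sql, $params, $connection) ?>
+<td class="nette-DbConnectionPanel-sql"><?= DbHelpers::dumpSql($sql, $params, $connection) ?>
 <?php if ($explain): ?>
 <table class="tracy-collapsed nette-DbConnectionPanel-explain">
 <tr>
 <?php foreach ($explain[0] as $col => $foo): ?>
-<th><?= htmlspecialchars((string) $col, ENT_NOQUOTES, 'UTF-8') ?></th>
+<th><?= Helpers::escapeHtml($col) ?></th>
 <?php endforeach ?>
 </tr>
 <?php foreach ($explain as $row): ?>
 <tr>
 <?php foreach ($row as $col): ?>
-<td><?= htmlspecialchars((string) $col, ENT_NOQUOTES, 'UTF-8') ?></td>
+<td><?= Helpers::escapeHtml($col) ?></td>
 <?php endforeach ?>
 </tr>
 <?php endforeach ?>
 </table>
 <?php endif ?>
 <?php if ($source) {
-echo substr_replace(Tracy\Helpers::editorLink($source[0], $source[1]), ' class="nette-DbConnectionPanel-source"', 2, 0);
+echo substr_replace(Helpers::editorLink($source[0], $source[1]), ' class="nette-DbConnectionPanel-source"', 2, 0);
 } ?>
 </td>
 <td><?= $rows ?></td>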
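Review bot: `<?= $rows ?>` in the last cell of the third hunk is still echoed raw, although this commit routes every other dynamic scalar in the row through `Helpers::escapeHtml()`. Its type is not visible here; if it is always an integer row count the output is harmless, but escaping it as well, `<td><?= Helpers::escapeHtml($rows) ?></td>`, would leave only the two calls that appear to return markup on purpose (`DbHelpers::dumpSql()` and `Helpers::editorLink()`) as unescaped output for a later audit to reason about. The new `<th>`/`<td>` lines also drop the `(string)` cast, so under `strict_types=1` they rely on `escapeHtml()` accepting non-string values, which is worth confirming against the oldest Tracy version the package allows. The table continues past the end of the hunk.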
@@ -3,8 +3,10 @@ declare(strict_types=1);

namespace Nette\Bridges\DatabaseTracy;

use Tracy\Helpers;

?>
<span title="Nette\Database <?= htmlspecialchars($name, ENT_QUOTES, 'UTF-8') ?>">
<span title="Nette\Database <?= Helpers::escapeHtml($name) ?>">
<svg viewBox="0 0 2048 2048"><path fill="<?= $count ? '#b079d6' : '#aaa' ?>" d="M1024 896q237 0 443-43t325-127v170q0 69-103 128t-280 93.5-385 34.5-385-34.5-280-93.5-103-128v-170q119 84 325 127t443 43zm0 768q237 0 443-43t325-127v170q0 69-103 128t-280 93.5-385 34.5-385-34.5-280-93.5-103-128v-170q119 84 325 127t443 43zm0-384q237 0 443-43t325-127v170q0 69-103 128t-280 93.5-385 34.5-385-34.5-280-93.5-103-128v-170q119 84 325 127t443 43zm0-1152q208 0 385 34.5t280 93.5 103 128v128q0 69-103 128t-280 93.5-385 34.5-385-34.5-280-93.5-103-128v-128q0-69 103-128t280-93.5 385-34.5z"/>
</svg><span class="tracy-label"><?= ($totalTime ? sprintf('%0.1f ms / ', $totalTime * 1000) : '') . $count ?></span>
</span>
