Parser: removes all control characters from template [Closes #279]

nette · Nov 26, 2021 · f3196de · f3196de
1 parent 2ce9ce1
commit f3196de
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/src/Latte/Compiler/Parser.php b/src/Latte/Compiler/Parser.php
@@ -91,6 +91,11 @@ public function parse(string $input): array
 			$input = substr($input, 3);
 		}
 
+		if (preg_match('#[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]#', $input, $m, PREG_OFFSET_CAPTURE)) {
+			trigger_error('Template contains control character \x' . dechex(ord($m[0][0])) . ' on line ' . (substr_count($input, "\n", 0, $m[0][1]) + 1) . '.', E_USER_WARNING);
+			$input = preg_replace('#[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]#', '', $input);
+		}
+
 		$this->input = $input = str_replace("\r\n", "\n", $input);
 		$this->offset = 0;
 		$this->line = 1;

diff --git a/tests/Latte/Parser.errors.phpt b/tests/Latte/Parser.errors.phpt
@@ -60,3 +60,10 @@ Assert::exception(function () use (&$parser) {
 	$parser->parse("\n{");
 }, Latte\CompileException::class, 'Malformed macro');
 Assert::same(2, $parser->getLine());
+
+
+Assert::error(function () use (&$res) {
+	$parser = new Parser;
+	$res = $parser->parse("a\x00\x1F\x7Fb");
+}, E_USER_WARNING, 'Template contains control character \x0 on line 1.');
+Assert::same('ab', $res[0]->text);