Merge pull request #172 from mehulmpt/master

oscarotero · web-flow · commit 40d6bda8f8fa · 2016-12-15T09:23:58.000+01:00
Fixed possible XSS attack
diff --git a/src/Embed.php b/src/Embed.php
@@ -48,10 +48,10 @@ public static function create($request, array $config = array())
         $error = $request->getError();
 
         if (empty($error)) {
-            throw new Exceptions\InvalidUrlException(sprintf("The url '%s' returns the http code %s", $request->getUrl(), $request->getHttpCode()));
+            throw new Exceptions\InvalidUrlException(sprintf("The url '%s' returns the http code %s", htmlentities($request->getUrl()), $request->getHttpCode()));
         }
 
-        throw new Exceptions\InvalidUrlException(sprintf("The url '%s' returns the following error: %s", $request->getUrl(), $error));
+        throw new Exceptions\InvalidUrlException(sprintf("The url '%s' returns the following error: %s", htmlentities($request->getUrl()), $error));
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -48,10 +48,10 @@ public static function create($request, array $config = array())`
`48`	`48`	`$error = $request->getError();`
`49`	`49`
`50`	`50`	`if (empty($error)) {`
`51`		`- throw new Exceptions\InvalidUrlException(sprintf("The url '%s' returns the http code %s", $request->getUrl(), $request->getHttpCode()));`
	`51`	`+ throw new Exceptions\InvalidUrlException(sprintf("The url '%s' returns the http code %s", htmlentities($request->getUrl()), $request->getHttpCode()));`
`52`	`52`	`}`
`53`	`53`
`54`		`- throw new Exceptions\InvalidUrlException(sprintf("The url '%s' returns the following error: %s", $request->getUrl(), $error));`
	`54`	`+ throw new Exceptions\InvalidUrlException(sprintf("The url '%s' returns the following error: %s", htmlentities($request->getUrl()), $error));`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`/**`