RSS Feed/News Bug: `<xf:reactions>` template tag missing assertAttribute('link') validation, causing E_WARNING crash instead of proper compiler error

Status
Not open for further replies.
ENXF NET

ENXF NET

Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
Joined
Nov 13, 2018
Messages
31,722
Points
823

Reputation:

File: src/XF/Template/Compiler/Tag/Reactions.php

Summary:

The <xf:reactions> template tag compiler accesses $tag->attributes['link'] at line 25 without first calling assertAttribute('link'). If a developer uses <xf:reactions> without the required link attribute, template compilation fatally crashes with a raw PHP E_WARNING that XF's error handler promotes to an ErrorException, instead of receiving...

Read more

Continue reading...
 
Status
Not open for further replies.
Top