authorFlorian Pritz <bluewind@xinu.at>2013-07-18 12:34:27 +0200
committerFlorian Pritz <bluewind@xinu.at>2013-07-18 12:34:27 +0200
commit3f6573b15c7395a76b9ee5e810331975baf080cf (patch)
tree311640749deef9f835bf8837ec8daff30988458a
parent05a4d686b578794c180ddfaf4945a9d7443f330e (diff)
file/download: output html directly, don't use output class
$this->output->parse_exec_vars is a protected variable so we can't access it like the documentation suggests (yes this is a bug that should be reported...), but even if it worked I'm not confident the output class should be trusted with arbitrary input. Upstream might at some point add another "feature" so this is the safe way to go. Signed-off-by: Florian Pritz <bluewind@xinu.at>
-rw-r--r--application/controllers/file.php9
1 files changed, 6 insertions, 3 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php
index f2797e7e7..2ff774c8a 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -195,9 +195,12 @@ class File extends CI_Controller {
Falling back to plain text.</p>";
}
- $this->load->view($this->var->view_dir.'/html_header', $this->data);
- $this->output->append_output($cached["output"]);
- $this->load->view($this->var->view_dir.'/html_footer', $this->data);
+ // Don't use append_output because the output class does too
+ // much magic ({elapsed_time} and {memory_usage}).
+ // Direct echo puts us on the safe side.
+ echo $this->load->view($this->var->view_dir.'/html_header', $this->data, true);
+ echo $cached["output"];
+ echo $this->load->view($this->var->view_dir.'/html_footer', $this->data, true);
}
private function _pygmentize($file, $lexer)
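Review bot: The three direct `echo` calls send the response body before CodeIgniter's output class runs its final display step, so any header queued earlier in this method through `$this->output->set_header()` or `set_content_type()` would be issued after output has started and is likely to be dropped. The method begins above the hunk, so I can't see whether it queues any; if it does, send them with `header()` before the first `echo`. The new comment could also record the trust assumption the change relies on, e.g. `// $cached["output"] is emitted verbatim; it must already be HTML-escaped by whatever produced it.`, since that escaping happens outside this hunk.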