diff options
| author | Florian Pritz <bluewind@xinu.at> | 2013-07-18 12:34:27 +0200 |
|---|---|---|
| committer | Florian Pritz <bluewind@xinu.at> | 2013-07-18 12:34:27 +0200 |
| commit | 3f6573b15c7395a76b9ee5e810331975baf080cf (patch) | |
| tree | 311640749deef9f835bf8837ec8daff30988458a /application/controllers | |
| parent | 05a4d686b578794c180ddfaf4945a9d7443f330e (diff) | |
file/download: output html directly, don't use output class
$this->output->parse_exec_vars is a protected variable so we can't
access it like the documentation suggests (yes this is a bug that
should be reported...), but even if it worked I'm not confident the
output class should be trusted with arbitrary input. Upstream might at
some point add another "feature" so this is the safe way to go.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/controllers')
| -rw-r--r-- | application/controllers/file.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/application/controllers/file.php b/application/controllers/file.php index f2797e7e7..2ff774c8a 100644 --- a/application/controllers/file.php +++ b/application/controllers/file.php @@ -195,9 +195,12 @@ class File extends CI_Controller { Falling back to plain text.</p>"; } - $this->load->view($this->var->view_dir.'/html_header', $this->data); - $this->output->append_output($cached["output"]); - $this->load->view($this->var->view_dir.'/html_footer', $this->data); + // Don't use append_output because the output class does too + // much magic ({elapsed_time} and {memory_usage}). + // Direct echo puts us on the safe side. + echo $this->load->view($this->var->view_dir.'/html_header', $this->data, true); + echo $cached["output"]; + echo $this->load->view($this->var->view_dir.'/html_footer', $this->data, true); } private function _pygmentize($file, $lexer) |