fix: improve error handling by escaping output in exceptions

dermatz · dermatz · commit 0dfbb6a40a43 · 2025-12-05T15:01:21.000+01:00
diff --git a/src/Console/Command/Hyva/TokensCommand.php b/src/Console/Command/Hyva/TokensCommand.php
@@ -76,8 +76,11 @@ protected function executeCommand(InputInterface $input, OutputInterface $output
                 return Command::SUCCESS;
             }
 
-            $options = array_map(fn($theme) => $theme->getCode(), $hyvaThemes);
-            
+            $options = [];
+            foreach ($hyvaThemes as $theme) {
+                $options[] = $theme->getCode();
+            }
+
             $themeCodePrompt = new SelectPrompt(
                 label: 'Select Hyvä theme to generate tokens for',
                 options: $options,
diff --git a/src/Service/DependencyChecker.php b/src/Service/DependencyChecker.php
@@ -7,7 +7,6 @@
 use Magento\Framework\Filesystem\Driver\File;
 use Symfony\Component\Console\Style\SymfonyStyle;
 use Magento\Framework\Shell;
-
 class DependencyChecker
 {
     private const PACKAGE_JSON = 'package.json';
diff --git a/src/Service/HyvaTokens/ConfigReader.php b/src/Service/HyvaTokens/ConfigReader.php
@@ -30,7 +30,7 @@ public function __construct(
     public function getConfig(string $themePath): array
     {
         $configPath = $this->getConfigPath($themePath);
-        
+
         // Default configuration
         $config = [
             'src' => self::DEFAULT_SOURCE,
@@ -41,16 +41,16 @@ public function getConfig(string $themePath): array
 
         if ($this->fileDriver->isExists($configPath)) {
             $configContent = $this->fileDriver->fileGetContents($configPath);
-            
+
             try {
                 $jsonConfig = json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
             } catch (\JsonException $e) {
-                throw new \Exception("Invalid JSON in configuration file: " . $e->getMessage());
+                throw new \Exception("Invalid JSON in configuration file: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));
             }
 
             if (isset($jsonConfig['tokens'])) {
                 $tokensConfig = $jsonConfig['tokens'];
-                
+
                 // Override with config file values
                 if (isset($tokensConfig['src'])) {
                     $config['src'] = $tokensConfig['src'];
diff --git a/src/Service/HyvaTokens/CssGenerator.php b/src/Service/HyvaTokens/CssGenerator.php
@@ -51,7 +51,7 @@ public function write(string $content, string $outputPath): bool
         $pathParts = explode('/', $outputPath);
         array_pop($pathParts); // Remove filename
         $directory = implode('/', $pathParts);
-        
+
         if (!$this->fileDriver->isDirectory($directory)) {
             $this->fileDriver->createDirectory($directory, 0750);
         }
@@ -60,7 +60,7 @@ public function write(string $content, string $outputPath): bool
             $this->fileDriver->filePutContents($outputPath, $content);
             return true;
         } catch (\Exception $e) {
-            throw new \Exception("Failed to write CSS file: " . $e->getMessage());
+            throw new \Exception("Failed to write CSS file: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));
         }
     }
 }
diff --git a/src/Service/HyvaTokens/TokenParser.php b/src/Service/HyvaTokens/TokenParser.php
@@ -34,15 +34,15 @@ public function parse(?string $filePath, ?array $inlineValues, string $format):
 
         // Otherwise, read from file
         if ($filePath === null || !$this->fileDriver->isFile($filePath)) {
-            throw new \Exception("Token source file not found: " . ($filePath ?? 'null'));
+            throw new \Exception("Token source file not found: " . htmlspecialchars($filePath ?? 'null', ENT_QUOTES, 'UTF-8'));
         }
 
         $content = $this->fileDriver->fileGetContents($filePath);
-        
+
         try {
             $tokens = json_decode($content, true, 512, JSON_THROW_ON_ERROR);
         } catch (\JsonException $e) {
-            throw new \Exception("Invalid JSON in token file: " . $e->getMessage());
+            throw new \Exception("Invalid JSON in token file: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));
         }
 
         return $this->normalizeTokens($tokens, $format);
diff --git a/src/Service/ThemeBuilder/BuilderFactory.php b/src/Service/ThemeBuilder/BuilderFactory.php
@@ -16,7 +16,7 @@ public function addBuilder(BuilderInterface $builder): void
     public function create(string $type): BuilderInterface
     {
         if (!isset($this->builders[$type])) {
-            throw new \InvalidArgumentException("Builder $type not found");
+            throw new \InvalidArgumentException("Builder " . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . " not found");
         }
 
         return $this->builders[$type];

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,6 @@`
`7`	`7`	`use Magento\Framework\Filesystem\Driver\File;`
`8`	`8`	`use Symfony\Component\Console\Style\SymfonyStyle;`
`9`	`9`	`use Magento\Framework\Shell;`
`10`		`-`
`11`	`10`	`class DependencyChecker`
`12`	`11`	`{`
`13`	`12`	`private const PACKAGE_JSON = 'package.json';`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ public function write(string $content, string $outputPath): bool`
`51`	`51`	`$pathParts = explode('/', $outputPath);`
`52`	`52`	`array_pop($pathParts); // Remove filename`
`53`	`53`	`$directory = implode('/', $pathParts);`
`54`		`-`
	`54`	`+`
`55`	`55`	`if (!$this->fileDriver->isDirectory($directory)) {`
`56`	`56`	`$this->fileDriver->createDirectory($directory, 0750);`
`57`	`57`	`}`
`@@ -60,7 +60,7 @@ public function write(string $content, string $outputPath): bool`
`60`	`60`	`$this->fileDriver->filePutContents($outputPath, $content);`
`61`	`61`	`return true;`
`62`	`62`	`} catch (\Exception $e) {`
`63`		`- throw new \Exception("Failed to write CSS file: " . $e->getMessage());`
	`63`	`+ throw new \Exception("Failed to write CSS file: " . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));`
`64`	`64`	`}`
`65`	`65`	`}`
`66`	`66`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ public function addBuilder(BuilderInterface $builder): void`
`16`	`16`	`public function create(string $type): BuilderInterface`
`17`	`17`	`{`
`18`	`18`	`if (!isset($this->builders[$type])) {`
`19`		`- throw new \InvalidArgumentException("Builder $type not found");`
	`19`	`+ throw new \InvalidArgumentException("Builder " . htmlspecialchars($type, ENT_QUOTES, 'UTF-8') . " not found");`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`return $this->builders[$type];`