Merge pull request #5681 from Laravel-Backpack/poc-user-special-heade…

…r-to-escape-message

dont escape when developer error header is present

src/app/Exceptions/BackpackProRequiredException.php

@@ -20,6 +20,6 @@ public function render($request)
  break;
  }
 
- return abort(500, $this->getMessage());
+ return abort(500, $this->getMessage(), ['developer-error-exception']);
  }
 }

src/app/Library/CrudPanel/CrudButton.php

@@ -184,7 +184,7 @@ public function position($position)
  break;
 
  default:
- abort(500, "Unknown button position - please use 'beginning' or 'end'.");
+ abort(500, "Unknown button position - please use 'beginning' or 'end'.", ['developer-error-exception']);
  }
 
  return $this;
@@ -314,7 +314,7 @@ public function getHtml($entry = null)
  return view($button->getFinalViewPath(), compact('button', 'crud', 'entry'));
  }
 
- abort(500, 'Unknown button type');
+ abort(500, 'Unknown button type', ['developer-error-exception']);
  }
 
  /**
@@ -342,7 +342,7 @@ private function getFinalViewPath()
  }
  }
 
- abort(500, 'Button view and fallbacks do not exist for '.$this->name.' button.');
+ abort(500, 'Button view and fallbacks do not exist for '.$this->name.' button.', ['developer-error-exception']);
  }
 
  /**

src/app/Library/CrudPanel/CrudColumn.php

@@ -88,7 +88,7 @@ public static function name($name)
  public function key(string $key)
  {
  if (! isset($this->attributes['name'])) {
- abort(500, 'Column name must be defined before changing the key.');
+ abort(500, 'Column name must be defined before changing the key.', ['developer-error-exception']);
  }
 
  $columns = $this->crud()->columns();

src/app/Library/CrudPanel/CrudField.php

@@ -46,7 +46,7 @@ class CrudField
  public function __construct($nameOrDefinitionArray)
  {
  if (empty($nameOrDefinitionArray)) {
- abort(500, 'Field name can\'t be empty.');
+ abort(500, 'Field name can\'t be empty.', ['developer-error-exception']);
  }
 
  if (is_array($nameOrDefinitionArray)) {
@@ -57,7 +57,7 @@ public function __construct($nameOrDefinitionArray)
  }
 
  if (is_array($name)) {
- abort(500, 'Field name can\'t be an array. It should be a string. Error in field: '.json_encode($name));
+ abort(500, 'Field name can\'t be an array. It should be a string. Error in field: '.json_encode($name), ['developer-error-exception']);
  }
 
  $field = $this->crud()->firstFieldWhere('name', $name);
@@ -325,7 +325,7 @@ public function morphTypeField(array $configs)
  $morphField = $this->crud()->fields()[$this->attributes['name']];
 
  if (empty($morphField) || ($morphField['relation_type'] ?? '') !== 'MorphTo') {
- throw new \Exception('Trying to configure the morphType on a non-morphTo field. Check if field and relation name matches.');
+ abort(500, 'Trying to configure the morphType on a non-morphTo field. Check if field and relation name matches.', ['developer-error-exception']);
  }
  [$morphTypeField, $morphIdField] = $morphField['subfields'];
 
@@ -351,7 +351,7 @@ public function morphIdField(array $configs)
  $morphField = $this->crud()->fields()[$this->attributes['name']];
 
  if (empty($morphField) || ($morphField['relation_type'] ?? '') !== 'MorphTo') {
- throw new \Exception('Trying to configure the morphType on a non-morphTo field. Check if field and relation name matches.');
+ abort(500, 'Trying to configure the morphType on a non-morphTo field. Check if field and relation name matches.', ['developer-error-exception']);
  }
 
  [$morphTypeField, $morphIdField] = $morphField['subfields'];

src/app/Library/CrudPanel/CrudFilter.php

@@ -558,7 +558,7 @@ private function applyDefaultLogic($name, $operator, $input = null)
  break;
 
  default:
- abort(500, 'Unknown filter operator.');
+ abort(500, 'Unknown filter operator.', ['developer-error-exception']);
  break;
  }
  }

src/app/Library/CrudPanel/Traits/Buttons.php

@@ -38,7 +38,7 @@ public function orderButtons(string $stack, array $order)
  // we parse the ordered buttons
  collect($order)->each(function ($btnKey) use ($newButtons, $stackButtons) {
  if (! $button = $stackButtons->where('name', $btnKey)->first()) {
- abort(500, 'Button name [«'.$btnKey.'»] not found.');
+ abort(500, 'Button name [«'.$btnKey.'»] not found.', ['developer-error-exception']);
  }
  $newButtons->push($button);
  });
@@ -117,7 +117,7 @@ public function modifyButton($name, $modifications = null)
  $button = $this->buttons()->firstWhere('name', $name);
 
  if (! $button) {
- abort(500, 'CRUD Button "'.$name.'" not found. Please ensure the button exists before you modify it.');
+ abort(500, 'CRUD Button "'.$name.'" not found. Please ensure the button exists before you modify it.', ['developer-error-exception']);
  }
 
  if (is_array($modifications)) {

src/app/Library/CrudPanel/Traits/Fields.php

@@ -475,7 +475,7 @@ public function getStrippedSaveRequest($request)
  if (is_string($setting) && class_exists($setting)) {
  $setting = new $setting();
 
- return is_callable($setting) ? $setting($request) : abort(500, get_class($setting).' is not invokable.');
+ return is_callable($setting) ? $setting($request) : abort(500, get_class($setting).' is not invokable.', ['developer-error-exception']);
  }
 
  return $request->only($this->getAllFieldNames());

src/app/Library/CrudPanel/Traits/FieldsProtectedMethods.php

@@ -108,19 +108,19 @@ public function overwriteFieldNamesFromDotNotationToArray($fields)
  protected function makeSureFieldHasName($field)
  {
  if (empty($field)) {
- abort(500, 'Field name can\'t be empty');
+ abort(500, 'Field name can\'t be empty', ['developer-error-exception']);
  }
 
  if (is_string($field)) {
  return ['name' => Str::replace(' ', '', $field)];
  }
 
  if (is_array($field) && ! isset($field['name'])) {
- abort(500, 'All fields must have their name defined');
+ abort(500, 'All fields must have their name defined', ['developer-error-exception']);
  }
 
  if (is_array($field['name'])) {
- abort(500, 'Field name can\'t be an array. It should be a string. Error in field: '.json_encode($field['name']));
+ abort(500, 'Field name can\'t be an array. It should be a string. Error in field: '.json_encode($field['name']), ['developer-error-exception']);
  }
 
  $field['name'] = Str::replace(' ', '', $field['name']);
@@ -265,12 +265,12 @@ protected function makeSureSubfieldsHaveNecessaryAttributes($field)
  }
 
  if (! is_multidimensional_array($field['subfields'], true)) {
- abort(500, 'Subfields of «'.$field['name'].'» are malformed. Make sure you provide an array of subfields.');
+ abort(500, 'Subfields of «'.$field['name'].'» are malformed. Make sure you provide an array of subfields.', ['developer-error-exception']);
  }
 
  foreach ($field['subfields'] as $key => $subfield) {
  if (empty($subfield) || ! isset($subfield['name'])) {
- abort(500, 'A subfield of «'.$field['name'].'» is malformed. Subfield attribute name can\'t be empty.');
+ abort(500, 'A subfield of «'.$field['name'].'» is malformed. Subfield attribute name can\'t be empty.', ['developer-error-exception']);
  }
 
  // make sure the field definition is an array

src/app/Library/CrudPanel/Traits/Filters.php

@@ -73,11 +73,11 @@ protected function addFilterToCollection($options, $values = false, $filterLogic
 
  // check if another filter with the same name exists
  if (! isset($options['name'])) {
- abort(500, 'All your filters need names.');
+ abort(500, 'All your filters need names.', ['developer-error-exception']);
  }
 
  if ($this->filters()->contains('name', $options['name'])) {
- abort(500, "Sorry, you can't have two filters with the same name.");
+ abort(500, "Sorry, you can't have two filters with the same name.", ['developer-error-exception']);
  }
 
  // add a new filter to the interface
@@ -168,7 +168,7 @@ public function modifyFilter($name, $modifications)
  $filter = $this->filters()->firstWhere('name', $name);
 
  if (! $filter) {
- abort(500, 'CRUD Filter "'.$name.'" not found. Please check the filter exists before you modify it.');
+ abort(500, 'CRUD Filter "'.$name.'" not found. Please check the filter exists before you modify it.', ['developer-error-exception']);
  }
 
  if (is_array($modifications)) {

src/app/Library/CrudPanel/Traits/Macroable.php

@@ -21,7 +21,7 @@ trait Macroable
  public static function macro($name, $macro)
  {
  if (method_exists(new static(), $name)) {
- abort(500, "Cannot register '$name' macro. '$name()' already exists on ".get_called_class());
+ abort(500, "Cannot register '$name' macro. '$name()' already exists on ".get_called_class(), ['developer-error-exception']);
  }
 
  static::parentMacro($name, $macro);

src/app/Library/CrudPanel/Traits/Read.php

@@ -385,7 +385,7 @@ public function getPageLengthMenu()
  private function abortIfInvalidPageLength($value)
  {
  if ($value === 0 || (is_array($value) && in_array(0, $value))) {
- abort(500, 'You should not use 0 as a key in paginator. If you are looking for "ALL" option, use -1 instead.');
+ abort(500, 'You should not use 0 as a key in paginator. If you are looking for "ALL" option, use -1 instead.', ['developer-error-exception']);
  }
  }
 

src/app/Library/CrudPanel/Traits/Relationships.php

@@ -33,7 +33,7 @@ public function getRelationInstance($field)
  return $relation;
  }
 
- abort(500, 'Looks like field <code>'.$field['name'].'</code> is not properly defined. The <code>'.$field['entity'].'()</code> relationship doesn\'t seem to exist on the <code>'.get_class($model).'</code> model.');
+ abort(500, 'Looks like field <code>'.$field['name'].'</code> is not properly defined. The <code>'.$field['entity'].'()</code> relationship doesn\'t seem to exist on the <code>'.get_class($model).'</code> model.', ['developer-error-exception']);
  }
 
  /**

src/app/Library/CrudPanel/Traits/SaveActions.php

@@ -80,7 +80,7 @@ public function addSaveAction(array $saveAction)
  {
  $orderCounter = $this->getOperationSetting('save_actions') !== null ? (count($this->getOperationSetting('save_actions')) + 1) : 1;
  //check for some mandatory fields
- $saveAction['name'] ?? abort(500, 'Please define save action name.');
+ $saveAction['name'] ?? abort(500, 'Please define save action name.', ['developer-error-exception']);
  $saveAction['redirect'] = $saveAction['redirect'] ?? fn ($crud, $request, $itemId) => $request->has('_http_referrer') ? $request->get('_http_referrer') : $crud->route;
  $saveAction['visible'] = $saveAction['visible'] ?? true;
  $saveAction['button_text'] = $saveAction['button_text'] ?? $saveAction['name'];

src/app/Library/CrudPanel/Traits/Search.php

@@ -25,7 +25,7 @@ public function applySearchTerm($searchTerm)
  return $this->query->where(function ($query) use ($searchTerm) {
  foreach ($this->columns() as $column) {
  if (! isset($column['type'])) {
- abort(400, 'Missing column type when trying to apply search term.');
+ abort(500, 'Missing column type when trying to apply search term.', ['developer-error-exception']);
  }
 
  $this->applySearchLogicForColumn($query, $column, $searchTerm);

src/app/Library/CrudPanel/Traits/Validation.php

@@ -73,7 +73,7 @@ public function setValidation($classOrRulesArray = false, $messages = [], $attri
  } elseif (is_string($classOrRulesArray) && class_exists($classOrRulesArray) && is_a($classOrRulesArray, FormRequest::class, true)) {
  $this->setValidationFromRequest($classOrRulesArray);
  } else {
- abort(500, 'Please pass setValidation() nothing, a rules array or a FormRequest class.');
+ abort(500, 'Please pass setValidation() nothing, a rules array or a FormRequest class.', ['developer-error-exception']);
  }
  }
 

src/app/Library/Uploaders/Support/RegisterUploadEvents.php

@@ -21,7 +21,7 @@ public function __construct(
  $this->crudObjectType = is_a($crudObject, CrudField::class) ? 'field' : (is_a($crudObject, CrudColumn::class) ? 'column' : null);
 
  if (! $this->crudObjectType) {
- abort(500, 'Upload handlers only work for CrudField and CrudColumn classes.');
+ abort(500, 'Upload handlers only work for CrudField and CrudColumn classes.', ['developer-error-exception']);
  }
  }
 

src/app/Library/Widget.php

@@ -172,7 +172,7 @@ public function getFinalViewPath()
  if (! backpack_pro()) {
  throw new BackpackProRequiredException('Cannot find the widget view: '.$this->attributes['type'].'. Please check for typos.'.(backpack_pro() ? '' : ' If you are trying to use a PRO widget, please first purchase and install the backpack/pro addon from backpackforlaravel.com'), 1);
  }
- abort(500, 'Cannot find the view for «'.$this->attributes['type'].'» widget type. Please check for typos.');
+ abort(500, 'Cannot find the view for «'.$this->attributes['type'].'» widget type. Please check for typos.', ['developer-error-exception']);
  }
 
  // -------

src/app/Models/Traits/HasEnumFields.php

@@ -27,7 +27,7 @@ public static function getPossibleEnumValues($field_name)
 
  $type = $connection->select($select)[0]->Type;
  } catch (\Exception $e) {
- abort(500, 'Enum field type is not supported - it only works on MySQL. Please use select_from_array instead.');
+ abort(500, 'Enum field type is not supported - it only works on MySQL. Please use select_from_array instead.', ['developer-error-exception']);
  }
 
  preg_match('/^enum\((.*)\)$/', $type, $matches);

src/helpers.php

@@ -272,7 +272,7 @@ function backpack_view($view)
  return '- Called in: '.Str::after($functionFile, base_path()).' on line: '.$functionLine;
  })();
 
- abort(500, $errorMessage.$errorDetails);
+ abort(500, $errorMessage.$errorDetails, ['developer-error-exception']);
  }
 }
 

src/resources/views/ui/errors/4xx.blade.php

@@ -2,14 +2,15 @@
 
 @php
  $error_number ??= 400;
+ $shouldEscape = ! in_array('developer-error-exception', $exception->getHeaders());
 @endphp
 
 @section('title')
  {{ trans('backpack::base.error_page.'.$error_number) }}
 @endsection
 
 @section('description')
- {!! $exception?->getMessage() && config('app.debug') ? e($exception->getMessage()) : trans('backpack::base.error_page.message_4xx', [
+ {!! $exception?->getMessage() && config('app.debug') ? ($shouldEscape ? e($exception->getMessage()) : $exception->getMessage()) : trans('backpack::base.error_page.message_4xx', [
  'href_back' => 'href="javascript:history.back()"',
  'href_homepage' => 'href="'.url('').'"',
  ]) !!}

src/resources/views/ui/errors/500.blade.php

@@ -2,12 +2,13 @@
 
 @php
  $error_number = 500;
+ $shouldEscape = ! in_array('developer-error-exception', $exception->getHeaders());
 @endphp
 
 @section('title')
  {{ trans('backpack::base.error_page.500') }}
 @endsection
 
 @section('description')
- {!! $exception?->getMessage() && config('app.debug') ? e($exception->getMessage()) : trans('backpack::base.error_page.message_500') !!}
+ {!! $exception?->getMessage() && config('app.debug') ? ($shouldEscape ? e($exception->getMessage()) : $exception->getMessage()) : trans('backpack::base.error_page.message_500') !!}
 @endsection

src/resources/views/ui/errors/503.blade.php

@@ -2,12 +2,13 @@
 
 @php
  $error_number = 503;
+ $shouldEscape = ! in_array('developer-error-exception', $exception->getHeaders());
 @endphp
 
 @section('title')
  {{ trans('backpack::base.error_page.503') }}
 @endsection
 
 @section('description')
- {!! $exception?->getMessage() && config('app.debug') ? e($exception->getMessage()) : trans('backpack::base.error_page.message_503') !!}
+ {!! $exception?->getMessage() && config('app.debug') ? ($shouldEscape ? e($exception->getMessage()) : $exception->getMessage()) : trans('backpack::base.error_page.message_503') !!}
 @endsection

tests/Unit/CrudPanel/CrudPanelButtonsTest.php

@@ -362,7 +362,7 @@ public function testThrowsErrorInUnknownPosition()
  } catch (\Throwable $e) {
  }
  $this->assertEquals(
- new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Unknown button position - please use \'beginning\' or \'end\'.'),
+ new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Unknown button position - please use \'beginning\' or \'end\'.', null, ['developer-error-exception']),
  $e
  );
  }

tests/Unit/CrudPanel/CrudPanelFieldsTest.php

@@ -658,7 +658,7 @@ public function testItAbortsOnUnexpectedEntity()
  } catch (\Throwable $e) {
  }
  $this->assertEquals(
- new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Looks like field <code>doesNotExist</code> is not properly defined. The <code>doesNotExist()</code> relationship doesn\'t seem to exist on the <code>Backpack\CRUD\Tests\Config\Models\TestModel</code> model.'),
+ new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Looks like field <code>doesNotExist</code> is not properly defined. The <code>doesNotExist()</code> relationship doesn\'t seem to exist on the <code>Backpack\CRUD\Tests\Config\Models\TestModel</code> model.', null, ['developer-error-exception']),
  $e
  );
  }
@@ -903,7 +903,7 @@ public function testItAbortsWithEmptyNamesFluently()
  } catch (\Throwable $e) {
  }
  $this->assertEquals(
- new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Field name can\'t be empty.'),
+ new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Field name can\'t be empty.', null, ['developer-error-exception']),
  $e
  );
  }

tests/Unit/CrudPanel/CrudPanelMacroTest.php

@@ -27,7 +27,7 @@ public function testThrowsErrorIfMacroExists()
  } catch (\Throwable $e) {
  }
  $this->assertEquals(
- new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Cannot register \'setModel\' macro. \'setModel()\' already exists on Backpack\CRUD\app\Library\CrudPanel\CrudPanel'),
+ new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Cannot register \'setModel\' macro. \'setModel()\' already exists on Backpack\CRUD\app\Library\CrudPanel\CrudPanel', null, ['developer-error-exception']),
  $e
  );
  }

tests/Unit/CrudPanel/CrudPanelValidationTest.php

@@ -203,7 +203,7 @@ public function testItThrowsExceptionWithInvalidValidationClass()
  } catch (\Throwable $e) {
  }
  $this->assertEquals(
- new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Please pass setValidation() nothing, a rules array or a FormRequest class.'),
+ new \Symfony\Component\HttpKernel\Exception\HttpException(500, 'Please pass setValidation() nothing, a rules array or a FormRequest class.', null, ['developer-error-exception']),
  $e
  );
  }