My guess is that you are adding “echo” to a function call that calls echo 
itself and returns a boolean, such as $view['slots']->output().

Do you see “echo $view['slots']->output()” in your code?

k 
On Wednesday, April 20, 2011 at 2:54 PM, Arief M Utama wrote:
>  Hi all,
> 
> 
>  I'm resending this again, as I still don't see it in my inbox.
> 
>  First, I've to say I'm amazed by Symfony2 framework. I'm a symfony 
> user/developer since symfony1.0, so I know a little about the bits and pieces 
> of symfony, but I still think that Symfony2 looks like a better and very 
> promising framework.
> 
>  Now, I'm having this bug in the Symfony2 framework if I choose to use php as 
> the templating engine. 
> 
>  I was following the code in the simple "Hello World" introduction using PR11 
> release. I created a new "Study" bundle following the code in the book, and 
> replaced the templates with ".php" instead of ".twig".
> 
>  The thing is the final render() call always adds an extra character, which 
> is the digit "1". 
> 
>  So when I tried to call:
> 
>  app.php/hello/Arief
> 
>  What comes up in the page is:
> 
>  "Hello, Arief! 1" 
> 
>  instead of just:
> 
>  "Hello, Arief!"
> 
>  Investigating this issue, I noticed that in file:
> 
>  Symfony/Component/Templating/PhpEngine.php 
> 
>  The extra "1"  char is added when the base template (base.html.php) was 
> filled in by the content of the hello template 
> (HelloBundle:Default:index.html.php)
> 
>  At the hello template stage, there is no extra "1" char in the content, but 
> when the base template is evaluated, the char appears in the content.
> 
>  I think this has something to do with the function evaluate() in that 
> PhpEngine.php file, there is this  "extract($parameters)" code before the 
> template is required. I believe, somehow one of the extracted parameters 
> generated this digit "1" character, I'm not sure which one, or how it 
> happened, yet.
> 
>  I'd very much appreciate it if anyone can help explain why that happened and 
> how to fix it. If more info is required from me, I'll be happy to provide 
> em. I was trying to attach my base.html.php and index.html.php but somehow my 
> mail can't get thru with em.
> 
>  Btw, when I tried to var_dump() the $parameters passed in the evaluate() 
> function, I was a bit surprised cause it contains every parameter that 
> Symfony has access to. There are also database connection details in that 
> variable.
> 
>  I'm not a security expert, so I could be wrong about this, but I think there 
> might be a security flaw here: if an attacker could somehow trick the 
> application to var_dump the $parameters variable, everything will be exposed.
> 
>  To be a bit paranoid, may I suggest we create 2 parameters variables, one 
> that can safely be passed around everywhere, and another with some sort of 
> security perimeters. Please CMIIW on this one.
> 
>  Thank you for the great framework.
> 
> 
>  All the best.
> -arief 
> 
>  -- 
>  If you want to report a vulnerability issue on symfony, please send it to 
> security at symfony-project.com
> 
>  You received this message because you are subscribed to the Google
>  Groups "symfony developers" group.
>  To post to this group, send email to [email protected]
>  To unsubscribe from this group, send email to
> [email protected]
>  For more options, visit this group at
> http://groups.google.com/group/symfony-devs?hl=en
> 
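
The reply's diagnosis and the original message's concern about what `$parameters` exposes to a template, as an added example that is not code from this thread or from Symfony. `DemoSlots`, `render()`, the allowlist argument and the parameter names are hypothetical stand-ins, and the parameter bag is constructed.

```php
<?php
// Hypothetical stand-in for a slots helper: output() echoes the slot itself
// and returns a boolean, the behaviour the reply describes.
final class DemoSlots
{
    private array $slots = [];
    public function set(string $name, string $content): void
    {
        $this->slots[$name] = $content;
    }

    public function output(string $name): bool
    {
        if (!isset($this->slots[$name])) {
            return false;
        }
        echo $this->slots[$name];
        return true;
    }
}

// Renders a template (a closure here, standing in for a required .php file)
// with only the allowlisted parameters in scope.
function render(callable $template, array $parameters, array $allowed): string
{
    $visible = array_intersect_key($parameters, array_flip($allowed));
    ob_start();
    $template($visible);
    return ob_get_clean();
}

$slots = new DemoSlots();
$slots->set('_content', 'Hello, Arief!');
// Constructed parameter bag: one value the template needs, one it does not.
$parameters = ['slots' => $slots, 'database_password' => 'constructed-secret'];

$buggy = function (array $view): void {
    echo $view['slots']->output('_content'); // echoes the slot, then true as "1"
};
$fixed = function (array $view): void {
    $view['slots']->output('_content');      // output() has already echoed
};
$dump = function (array $view): void {
    var_dump(array_keys($view));             // what a stray dump could reveal
};

foreach (['buggy' => $buggy, 'fixed' => $fixed, 'dump' => $dump] as $name => $template) {
    echo $name, ': ', render($template, $parameters, ['slots']), PHP_EOL;
}
```

Because `render()` filters the bag before the template runs, a `var_dump()` left in a template can only show the keys the template was meant to receive.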
