BUGFIX Don't allow HTML formatting in RequestHandler->httpError() by sending "Content-Type: text/plain" response headers. (from r114444)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114445 467b73ca-7a2a-4603-9d3b-597d59a354a9

core/control/RequestHandler.php

@@ -301,11 +301,16 @@ class RequestHandler extends ViewableData {
 	 * {@link RequestHandler::handleAction()} and returned to the user.
 	 *
 	 * @param int $errorCode
-	 * @param string $errorMessage
+	 * @param string $errorMessage Plaintext error message
 	 * @uses SS_HTTPResponse_Exception
 	 */
 	public function httpError($errorCode, $errorMessage = null) {
-		throw new SS_HTTPResponse_Exception($errorMessage, $errorCode);
+		$e = new SS_HTTPResponse_Exception($errorMessage, $errorCode);
+
+		// Error responses should always be considered plaintext, for security reasons
+		$e->getResponse()->addHeader('Content-Type', 'text/plain');
+
+		throw $e;
 	}
 	
 	/**

dev/SapphireTest.php

@@ -1,8 +1,6 @@
 <?php
 require_once 'TestRunner.php';
 
-PhpUnitWrapper::inst()->init();
-
 /**
  * Test case class for the Sapphire framework.
  * Sapphire unit testing is based on PHPUnit, but provides a number of hooks into our data model that make it easier to work with.