properly encode special HTML characters in debug mode
authorSarah Hoffmann <lonvia@denofr.de>
Mon, 20 Feb 2023 14:41:04 +0000 (15:41 +0100)
committerSarah Hoffmann <lonvia@denofr.de>
Mon, 20 Feb 2023 14:43:03 +0000 (15:43 +0100)
lib-php/DebugHtml.php

index 5d12be678e4ac5ca95f981a63d067944ef6510a0..2207d52915cfcefcb66184d8f6197d72d019af70 100644 (file)
@@ -135,7 +135,7 @@ class Debug
 
     public static function printSQL($sSQL)
     {
-        echo '<p><tt><b>'.date('c').'</b> <font color="#aaa">'.$sSQL.'</font></tt></p>'."\n";
+        echo '<p><tt><b>'.date('c').'</b> <font color="#aaa">'.htmlspecialchars($sSQL).'</font></tt></p>'."\n";
     }
 
     private static function outputVar($mVar, $sPreNL)
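Review bot: The new `htmlspecialchars($sSQL)` call in printSQL relies on the default flags and charset, which differ between PHP versions. Before PHP 8.1 the defaults do not include ENT_SUBSTITUTE, so a query string containing an invalid UTF-8 sequence comes back as an empty string and the debug line silently loses its SQL. Passing the arguments explicitly keeps the output stable across versions: `htmlspecialchars($sSQL, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same applies to `echo htmlspecialchars($sOut);` in the outputVar hunk further down. The supported PHP versions are not visible on this page, so a minimum-version requirement may already cover this.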
@@ -178,11 +178,12 @@ class Debug
         }
 
         if (is_string($mVar)) {
-            echo "'$mVar'";
-            return strlen($mVar) + 2;
+            $sOut = "'$mVar'";
+        } else {
+            $sOut = (string)$mVar;
         }
 
-        echo (string)$mVar;
-        return strlen((string)$mVar);
+        echo htmlspecialchars($sOut);
+        return strlen($sOut);
     }
 }
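Review bot: `return strlen($sOut);` now measures the unescaped text while the escaped text is echoed, and nothing in the code says this is deliberate. If the return value is used to align the rendered output (the callers are outside this hunk), the unescaped length is the right one, because each entity renders as a single character. A comment such as `// length of the visible text, not of the escaped markup` above the return would keep a later edit from "correcting" it. outputVar begins before this hunk, so its earlier branches are not visible here.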