From 513175ce23674abffdd2ebe59fdb1a600c91cd01 Mon Sep 17 00:00:00 2001
From: Sarah Hoffmann
Date: Mon, 20 Feb 2023 15:41:04 +0100
Subject: [PATCH] properly encode special HTML characters in debug mode
---
 lib-php/DebugHtml.php | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/lib-php/DebugHtml.php b/lib-php/DebugHtml.php
index 5d12be67..2207d529 100644
--- a/lib-php/DebugHtml.php
+++ b/lib-php/DebugHtml.php
@@ -135,7 +135,7 @@ class Debug
 public static function printSQL($sSQL)
 {
- echo '

'.date('c').' '.$sSQL.'

'."\n";
+ echo '

'.date('c').' '.htmlspecialchars($sSQL).'

'."\n";
 }
 private static function outputVar($mVar, $sPreNL)
@@ -178,11 +178,12 @@ class Debug
 }
 if (is_string($mVar)) {
- echo "'$mVar'";
- return strlen($mVar) + 2;
+ $sOut = "'$mVar'";
+ } else {
+ $sOut = (string)$mVar;
 }
- echo (string)$mVar;
- return strlen((string)$mVar);
+ echo htmlspecialchars($sOut);
+ return strlen($sOut);
 }
 }
-- 
2.39.5
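Review bot: Both `htmlspecialchars()` calls, the one in `printSQL` here and the one at the end of `outputVar` in the next hunk, rely on the default flags, which differ between PHP versions. Before PHP 8.1 the default is `ENT_COMPAT` without `ENT_SUBSTITUTE`, so a string containing an invalid UTF-8 sequence comes back as an empty string and the debug line silently loses its content. The SQL and the dumped values presumably can carry request-derived bytes, so pass the arguments explicitly: `htmlspecialchars($sSQL, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and the same for `$sOut`. That gives identical escaping on every PHP version and also covers single quotes if the value is ever moved into an attribute.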
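Review bot: The escaping added at the end of `outputVar` covers only the scalar fall-through. The function body starts outside this hunk, so any earlier `echo` in it (array keys or object dumps, if it prints them) and the other output helpers of the `Debug` class are not visibly covered and should be checked for the same unescaped output. The return value also deserves a comment, since `strlen($sOut)` now differs from the number of bytes echoed, apparently on purpose: `// Length of the text before escaping; entities added by htmlspecialchars() are not counted.`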