From: Lukas Reschke Date: Wed, 27 Aug 2014 15:01:51 +0000 (+0200) Subject: Escape error messages X-Git-Tag: v8.0.0alpha1~820^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=9ab62ad5b787d44238c842f633fc950918aaa796;p=nextcloud-server.git Escape error messages
---
diff --git a/lib/private/template.php b/lib/private/template.php
index eaa58b769d7..173345cc001 100644
--- a/lib/private/template.php
+++ b/lib/private/template.php
@@ -272,19 +272,19 @@ class OC_Template extends \OC\Template\Base {
 if (defined('DEBUG') and DEBUG) {
 $hint = $exception->getTraceAsString();
 if (!empty($hint)) {
- $hint = '
'.$hint.'
';
+ $hint = '
'.OC_Util::sanitizeHTML($hint).'
';
 }
 while (method_exists($exception, 'previous') && $exception = $exception->previous()) {
 $error_msg .= '
Caused by:' . ' ';
 if ($exception->getCode()) {
- $error_msg .= '['.$exception->getCode().'] ';
+ $error_msg .= '['.OC_Util::sanitizeHTML($exception->getCode()).'] ';
 }
- $error_msg .= $exception->getMessage();
+ $error_msg .= OC_Util::sanitizeHTML($exception->getMessage());
 };
 } else {
 $hint = '';
 if ($exception instanceof \OC\HintException) {
- $hint = $exception->getHint();
+ $hint = OC_Util::sanitizeHTML($exception->getHint());
 }
 }
 self::printErrorPage($error_msg, $hint);
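Review bot: The initial value of `$error_msg` is assigned above line 272, outside this hunk, so the escaping added here does not cover it, yet it is passed to `self::printErrorPage($error_msg, $hint)` alongside the sanitised parts. If that value is built from the top-level `$exception->getMessage()` and `getCode()` (not visible here), it needs the same treatment, e.g. `$error_msg = OC_Util::sanitizeHTML($exception->getMessage());`. Because `$error_msg` mixes literal markup (the "Caused by:" separator) with escaped text, `printErrorPage` cannot escape at the output sink, and every later concatenation has to remember to do it. A short comment at the top of the function stating that `$error_msg` and `$hint` carry HTML, and that every appended value must go through `OC_Util::sanitizeHTML`, would make that contract explicit.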