diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-08-27 17:01:51 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2014-08-28 09:37:38 +0200 |
| commit | 1d5a664dc0fb15314b376902f3ff1ae6cf3bfde7 (patch) | |
| tree | ab8d352335923f89df46ed2d487e8b8557784290 /lib/private | |
| parent | 4a3e6dd528ba6600c412c173622edc467b5d0341 (diff) | |
| download | nextcloud-server-1d5a664dc0fb15314b376902f3ff1ae6cf3bfde7.tar.gz nextcloud-server-1d5a664dc0fb15314b376902f3ff1ae6cf3bfde7.zip | |
Escape error messages
Diffstat (limited to 'lib/private')
| -rw-r--r-- | lib/private/template.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/private/template.php b/lib/private/template.php index 4519ae8e609..9fd72838695 100644 --- a/lib/private/template.php +++ b/lib/private/template.php @@ -267,19 +267,19 @@ class OC_Template extends \OC\Template\Base { if (defined('DEBUG') and DEBUG) { $hint = $exception->getTraceAsString(); if (!empty($hint)) { - $hint = '<pre>'.$hint.'</pre>'; + $hint = '<pre>'.OC_Util::sanitizeHTML($hint).'</pre>'; } while (method_exists($exception, 'previous') && $exception = $exception->previous()) { $error_msg .= '<br/>Caused by:' . ' '; if ($exception->getCode()) { - $error_msg .= '['.$exception->getCode().'] '; + $error_msg .= '['.OC_Util::sanitizeHTML($exception->getCode()).'] '; } - $error_msg .= $exception->getMessage(); + $error_msg .= OC_Util::sanitizeHTML($exception->getMessage()); }; } else { $hint = ''; if ($exception instanceof \OC\HintException) { - $hint = $exception->getHint(); + $hint = OC_Util::sanitizeHTML($exception->getHint()); } } self::printErrorPage($error_msg, $hint); |